When the dynamic call is enabled for Struts2, attackers may remotely run code for attacking. For more information, see http://struts.apache.org/docs/s2-032.html.
Struts 2.3.20 - 2.3.28 (except 22.214.171.124 and 126.96.36.199)
How to fix
Use Alibaba Cloud Security WAF to intercept attack code of the vulnerability.
Currently, Struts 188.8.131.52, 184.108.40.206, and 220.127.116.11 are available on the official website to fix this vulnerability. Accordingly, you can upgrade your Struts to the relevant version. The download address is https://struts.apache.org/download.cgi#struts23281.