When the dynamic call is enabled for Struts2, attackers may remotely run code for attacking. For more information, see http://struts.apache.org/docs/s2-032.html.
Struts 2.3.20 - 2.3.28 (except 220.127.116.11 and 18.104.22.168)
How to fix
Use Alibaba Cloud Security WAF to intercept attack code of the vulnerability.
Currently, Struts 22.214.171.124, 126.96.36.199, and 188.8.131.52 are available on the official website to fix this vulnerability. Accordingly, you can upgrade your Struts to the relevant version. The download address is https://struts.apache.org/download.cgi#struts23281.