Apache Struts2 Remote Command Execution (S2-053)

Description
  • A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals.
Remediation
  • Upgrade to Struts 2.5.12 or Struts 2.3.34
References