As Apache notes: "Using the old File Upload mechanism keeps you vulnerable to this attack." Despite web app developers often opting for different frameworks nowadays, Struts 2 remains widely popular.

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof ...

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices.