Apache Struts 2.0.0 to 2.5.26 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
No source data
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530
cwiki.apache.org/confluence/display/WW/S2-061