Apache Struts 2.x < 2.5.22 Remote Code Execution (S2-059)

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. No source data...