You applied the patch that could stop possible RCE attacks last week, right? A critical security hole in Apache Struts 2 – patched last week – is currently being exploited using publicly ...

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices.

As Apache notes: "Using the old File Upload mechanism keeps you vulnerable to this attack." Despite web app developers often opting for different frameworks nowadays, Struts 2 remains widely popular.