[org.apache.struts:struts2-core] Code injection in Apache Struts

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

References

• https://nvd.nist.gov/vuln/detail/CVE-2013-4316
• http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
• http://struts.apache.org/release/2.3.x/docs/s2-019.html
• https://github.com/advisories/GHSA-j7h6-xr7g-m2c5