Why Is Apache Struts So Vulnerable?

Apache Struts is a well-known development framework for Java-based web applications and is mostly used in enterprise environments. If you search for Apache Struts CVEs on MITRE, you currently get 77 results, and most of the critical ones are due to OGNL expression injection, which is very similar to SSTI (Server Side Template Injection) attacks.

Read full article on Dzone