Apache Struts versions 2.5 through 2.5.12 REST plugin XStream remote code execution exploit.
5eefb225f4d65b10a8f7ab5d82a391bc22c225f2af56069b5ef63bc964f11659
Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a Java deserialization attack in the XStream library.
733707ff1693492ed26a3fc45635dfec661cbb6f0cba034160e94e43f171f6b9