CVE-2017-12611: struts: RCE attack when using an unintentional expression in Freemarker tag instead of string literals

Severity: Critical

CVSS Score: 9.8

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.