Find real vulnerabilities before they ship
Vulnerability Database › maven › CVE-2015-1831
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors.