Apache Struts is a free and open-source framework used to build Java web applications. Apache Struts2 S2-057 has a remote code execution vulnerability. When alwaysSelectFullNamespace is true (either by the user or by a plugin like Convention Plugin), Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 are vulnerable to Remote Code Execution. Results are used with no namespace and, at the same time, its upper package has no or wildcard namespace; similarly, when using url tags with no value and action set and, at the same time, its upper package has no or wildcard namespace; and, similarly to results, when using url tags with no value and action set and, at the same time, its upper package has no or wildcard namespace.