A vulnerability in Apache Struts (CVE-2019-0230) can lead to remote code execution in some circumstances.
The Department of Justice indicted four members of China's People's Liberation Army in connection with the Equifax data breach in 2017.
Apache has fixed a root privilege escalation vulnerability in its popular web server software, which runs on millions of servers.
There is a serious flaw in the file upload component in the Struts 2.3.x framework that can lead to remote code execution on vulnerable apps.
The original vulnerability may be in a jQuery plugin, but the disconnect in how web developers use .htaccess with the Apache web server and how the server is actually configured means there are potentially more applications out there that are vulnerable to attack.