HTTL (aka Hyper-Text Template Language) up to and including 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.
Vulnerable Product |
---|
httl project httl |