Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions that process an XPath string are vulnerable, except the compile() and compilePath() functions. An attacker can use the XPath expression to load any Java class from the classpath, resulting in code execution.