3 matches found
CVE-2018-19531
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
CVE-2018-19531
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
CVE-2018-19531
HTTL (Hyper-Text Template Language) 1.0.11 and earlier is vulnerable to remote command execution due to unsafe use of java.beans.XMLEncoder in decodeXml when xml.codec is not configured. This is documented across multiple sources (NVD entry CVE-2018-19531, Veracode note, and OSV/CVE references). ...