7 matches found
EUVD-2018-11219
Malware in sbrugna...
Command injection
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...
CVE-2018-19531
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
Command injection
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
CVE-2018-19531
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
CVE-2018-19530
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...
HTTL Remote Command Execution Vulnerability (CNVD-2019-05940)
HTTL also known as Hyper-Text Template Language is an open source Java template engine , it is mainly used for dynamic HTML page output . HTTL 1.0.11 and earlier versions of the 'decodeXml' function has a security vulnerability that stems from the fact that when configured with...