EPSS: 0.01 (Low), Percentile: 83.8%
HTTL is vulnerable to remote code execution (RCE). The vulnerability is due to the unsafe use of XStream in the decodeXml function with the xml.codec=httl.spi.codecs.XstreamCodec setting.
github.com/httl/httl/issues/225