exploitDog

GHSA-6j96-6x23-46xg

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.

Ссылки

EPSS

Процентиль: 90%

0.0566

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2018-19531

CVSS3: 9.8

nvd

около 7 лет назад

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.

EPSS

Процентиль: 90%

0.0566

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-20