Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HTTL 安全漏洞
Vulnerability Description
HTTL(又名Hyper-Text Template Language)是一款开源的Java模板引擎,它主要用于动态HTML页面输出。 HTTL 1.0.11及之前版本中的‘decodeXml’函数存在安全漏洞,该漏洞源于当配置有xml.codec=httl.spi.codecs.XstreamCodec时,程序使用‘xstream’函数进行xml数据处理。远程攻击者可利用该漏洞执行命令。
CVSS Information
N/A
Vulnerability Type
N/A