Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HTTL 安全漏洞
Vulnerability Description
HTTL(又名Hyper-Text Template Language)是一款开源的Java模板引擎,它主要用于动态HTML页面输出。 HTTL 1.0.11及之前版本中存在安全漏洞,该漏洞源于在没有配置xml.codec时,程序默认使用的是java.beans.XMLEncoder。远程攻击者可利用该漏洞执行命令。
CVSS Information
N/A
Vulnerability Type
N/A