CVE-2018-19530

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt