Code Injection
Apache Standard Taglibs allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
Advisories for Maven/Org.apache.taglibs/Taglibs-Standard-Impl package
2015