XXE and RCE via XSL extensions in Apache Standard Taglibs
This package allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a <x:parse> or <x:transform> JSTL XML tag.
Advisories for Maven/Org.apache.taglibs/Taglibs-Standard-Spec package
2015