bug-bounty622
facebook479
xss316
google174
microsoft120
rce102
apple72
csrf60
web355
account-takeover53
writeup51
exploit43
sqli41
dos36
ssrf34
cve33
cloudflare32
privilege-escalation29
defi28
malware27
node26
smart-contract-vulnerability25
idor25
subdomain-takeover24
clickjacking23
smart-contract23
ethereum23
access-control21
react21
vulnerability-disclosure21
reverse-engineering20
auth-bypass19
aws19
remote-code-execution18
lfi18
cloud17
docker17
cors17
oauth17
supply-chain17
race-condition17
info-disclosure16
browser14
authentication-bypass14
solidity14
phishing14
denial-of-service11
sql-injection11
delegatecall11
wordpress10
0
vulnerability
A researcher discovered remote code execution in HubSpot's template engine by exploiting expression language injection in HubL, using reflection to access javax.script.ScriptEngineManager and the Nashorn JavaScript engine to execute arbitrary code. The vulnerability arose from unsafe method calls allowed in the Jinjava-based template parser, which permitted access to Java reflection APIs despite blocking direct access to Runtime and System classes.
rce
expression-language-injection
template-injection
el-injection
java
hubl
jinjava
bug-bounty
nashorn
script-engine-manager
reflection
unsafe-deserialization
HubSpot
HubL
Jinjava
PortSwigger
javax.script.ScriptEngineManager
jdk.nashorn.api.scripting.NashornScriptEngine
com.hubspot.content.hubl.context.TemplateContextRequest