CVE-2025-21621: Freemarker Insecure Conditional Autoescape

FreeMarker HTML auto-escaping is enabled conditionally based on an application method. Without securely defaulting to true, the application may disable HTML auto-escaping by default and expose the system to Cross-Site Scripting (XSS).

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0

Java^β

greprules fetch cve-2025-21621-freemarker-insecure-conditional-autoescape --engine opengrep

Description

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 145 downloads
0 direct145 via packs
· 0 stars · Quality score 68How quality works
Included packs: 2 packs

Community feedback

0 signals from signed-in users.

Useful: 0
False positive: 0
Metadata: 0