Wooclee

Rank #24945 of 53,630
Total CVSS: 9.8
Vulnerabilities: 1
PT-2024-19473
9.8
2024-02-01
Beetl · Beetl · CVE-2024-22533
**Name of the Vulnerable Software and Affected Versions**

Beetl versions prior to 3.15.12

**Description**

The template renderer in Beetl has a server-side template injection (SSTI) vulnerability. When the incoming template is attacker-controllable, it is filtered by the `DefaultNativeSecurityManager` blacklist. Because the blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.

**Recommendations**

For versions prior to 3.15.12, update to version 3.15.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the template renderer to minimize the risk of exploitation. Additionally, ensure that the incoming template is not controllable by an attacker, so that the `DefaultNativeSecurityManager` blacklist cannot be bypassed.