Vendor
Jdbi's freemarker module is vulnerable to arbitrary command execution when an application permits attacker-influenced text to reach FreemarkerEngine.parse() as template source, affecting org.jdbi:jdbi3-freemarker through version 3.52.1 and potentially leading to RCE.