6 matches found
CVE-2023-30331
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection SSTI via a crafted payload...
cc.hiver:hiver-core (>=1.0 <=1.0.4), cn.eova:eova (>=1.5.0 <=1.6.0) +199 more potentially affected by CVE-2023-30331 via com.ibeetl:beetl (>=2.2.5 <=3.15.0.RELEASE)
com.ibeetl:beetl MAVEN version =2.2.5, =1.0, =1.5.0, =3.0.0, =1.0, =6.2, =0.1.2, =5.0.5, =5.1.5, =1.0.0, =1.0.0, =1.5.5 and more Source cves: CVE-2023-30331 Source advisory: OSV:GHSA-M69H-4FRQ-VWQ7...
CVE-2023-30331
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection SSTI via a crafted payload...
CVE-2023-30331
CVE-2023-30331 affects Beetl v3.15.0 where the render function is vulnerable to server-side template injection (SSTI). The root cause is insufficient checks in the render path, enabling a crafted payload to execute code on the server. The issue is rated CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U...
CVE-2023-30331
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection SSTI via a crafted payload...
CVE-2023-30331
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection SSTI via a crafted payload...