Lucene search
+L

4 matches found

vulnersOsv
vulnersOsv
added 2024/02/02 3:30 a.m.8 views

cn.hserver:hserver-plugin-beetlsql (>=3.1.1 <=3.2.M2), com.ejdoc:jdocGenerate (>=0.6.2 <=0.6.6) +72 more potentially affected by CVE-2024-22533 via com.ibeetl:beetl-core (>=3.12.0.RELEASE <=3.15.12.RELEASE)

com.ibeetl:beetl-core MAVEN version =3.12.0.RELEASE, =3.1.1, =0.6.2, =2.0.0, =2.6.0-release, =2.6.0, =2.6.0-release, =2.6.0, =3.12.0.RELEASE, =3.15.0.RELEASE, =3.15.0.RELEASE, =3.12.0.RELEASE, =3.14.1.RELEASE, =3.12.0.RELEASE, =3.14.1.RELEASE, =3.14.1.RELEASE, =3.15.12.RELEASE and more Source cve...

9.8CVSS7.2AI score0.01028EPSS
Exploits1
NVD
NVD
added 2024/02/02 3:15 a.m.21 views

CVE-2024-22533

Before Beetl v3.15.12, the rendering template has a server-side template injection SSTI vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading t...

9.8CVSS9.8AI score0.01028EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/02/02 12:0 a.m.28 views

CVE-2024-22533

Before Beetl v3.15.12, the rendering template has a server-side template injection SSTI vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading t...

10AI score0.01028EPSS
Exploits1References1
CVE
CVE
added 2024/02/02 12:0 a.m.60 views

CVE-2024-22533

Beetl SSTI in versions prior to 3.15.12: the rendering template can be controlled, and the DefaultNativeSecurityManager blacklist is bypassable, enabling arbitrary code execution. Public sources (CVE-2024-22533 and related advisories) confirm the flaw exists in Beetl up to 3.15.11 and is exploita...

9.8CVSS9.8AI score0.01028EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder