4 matches found
cn.hserver:hserver-plugin-beetlsql (>=3.1.1 <=3.2.M2), com.ejdoc:jdocGenerate (>=0.6.2 <=0.6.6) +72 more potentially affected by CVE-2024-22533 via com.ibeetl:beetl-core (>=3.12.0.RELEASE <=3.15.12.RELEASE)
com.ibeetl:beetl-core MAVEN version =3.12.0.RELEASE, =3.1.1, =0.6.2, =2.0.0, =2.6.0-release, =2.6.0, =2.6.0-release, =2.6.0, =3.12.0.RELEASE, =3.15.0.RELEASE, =3.15.0.RELEASE, =3.12.0.RELEASE, =3.14.1.RELEASE, =3.12.0.RELEASE, =3.14.1.RELEASE, =3.14.1.RELEASE, =3.15.12.RELEASE and more Source cve...
CVE-2024-22533
Before Beetl v3.15.12, the rendering template has a server-side template injection SSTI vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading t...
CVE-2024-22533
Before Beetl v3.15.12, the rendering template has a server-side template injection SSTI vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading t...
CVE-2024-22533
Beetl SSTI in versions prior to 3.15.12: the rendering template can be controlled, and the DefaultNativeSecurityManager blacklist is bypassable, enabling arbitrary code execution. Public sources (CVE-2024-22533 and related advisories) confirm the flaw exists in Beetl up to 3.15.11 and is exploita...