11 matches found
EUVD-2023-1989
Malicious code in bioql PyPI...
CVE-2023-38286
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...
Server-Side Template Injection (SSTI)
spring-boot-admin-server is vulnerable to Server-Side Template Injection SSTI. The vulnerability exists because the mailNotifierTemplateEngine function of AdminServerNotifierAutoConfiguration.java does not properly implement the configuration for ClasspathResourceLoader, which allows an attacker ...
Spring-boot-admin sandbox bypass via crafted HTML
Thymeleaf through 3.1.1.RELEASE as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 allows for a sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there is write access ...
CVE-2023-38286
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...
CVE-2023-38286
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...
CVE-2023-38286
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...
Design/Logic Flaw
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...
CVE-2023-38286
Thymeleaf 3.1.1.RELEASE (used in Spring Boot Admin up to 3.1.1) is affected by a sandbox bypass via crafted HTML, enabling potential SSTI and code execution if MailNotifier is enabled with write access to environment variables in the UI. Affected products: Thymeleaf 3.1.1.RELEASE and Spring Boot ...
PT-2023-26346 · Thymeleaf +1 · Thymeleaf +1
Name of the Vulnerable Software and Affected Versions: Thymeleaf versions 3.1.1.RELEASE and earlier spring-boot-admin versions 3.1.1 and earlier Description: The issue allows for a sandbox bypass via crafted HTML, which may be relevant for Server Side Template Injection SSTI and code execution in...
CVE-2023-38286
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there i...