112 matches found
CVE-2021-22053
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
CVE-2021-22053
CVE-2021-22053 affects Spring Cloud Netflix Hystrix Dashboard prior to 2.2.10 when used with spring-boot-starter-thymeleaf. The vulnerability arises because request URI path data is evaluated as SpringEL expressions during view template resolution (example: /hystrix/monitor;[data]), enabling remo...
GHSA-QCJ6-JQRG-4WP2 Template injection in thymeleaf-spring5
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...
Template injection in thymeleaf-spring5
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...
CVE-2021-43466
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...
CVE-2021-43466
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...
Remote code execution
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...
PT-2021-23849 · Unknown · Thymeleaf-Spring5
Name of the Vulnerable Software and Affected Versions: thymeleaf-spring5 version 3.0.12 Description: The issue in thymeleaf-spring5 may lead to remote code execution when thymeleaf is combined with specific scenarios in template injection. Recommendations: For thymeleaf-spring5 version 3.0.12, at...
CVE-2021-43466
CVE-2021-43466 affects thymeleaf-spring5, specifically the 3.0.12 release, where template injection in Thymeleaf can lead to remote code execution. The vulnerability is tied to thymeleaf-spring5 usage and template rendering scenarios that enable code execution. Remediation in the provided docs re...
Thymeleaf-Spring5 Code Injection Vulnerability
Thymeleaf-Spring5 is an open source, modern, server-side Java template engine for web and standalone environments from the Thymeleaf team. A security vulnerability exists in Thymeleaf-Spring5, which arises from a networked system or product that does not properly filter specific elements of...
CVE-2021-43466
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...
forum.thymeleaf.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1181381. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...