112 matches found
EUVD-2023-1989
Malicious code in bioql PyPI...
CVE-2023-38286
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there i...
CVE-2021-43466
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...
My-BBS Security Vulnerability
My-BBS is a BBS forum system implemented with SpringBoot + Mybatis + Thymeleaf by individual developer ZHENFENG13. There is a security vulnerability in My-BBS version 1.0, which originates from the function Upload in the file src/main/java/com/my/bbs/controller/common/UploadController.java,...
My-BBS Security Vulnerability
My-BBS is a BBS forum system implemented with SpringBoot + Mybatis + Thymeleaf by individual developer ZHENFENG13. A security vulnerability exists in My-BBS version 1.0, which stems from a cross-site request forgery issue...
starsea-mall Code Injection Vulnerability
starsea-mall is a Xiaomi mall management system based on springboot + thymeleaf by individual developer StarSea99. A code injection vulnerability exists in starsea-mall version 1.0, which originates from cross-site scripting and may lead to remote attacks...
starsea-mall Security Vulnerability
starsea-mall is a Xiaomi mall management system based on springboot + thymeleaf by individual developer StarSea99. A security vulnerability exists in starsea-mall version 1.0, which stems from improper manipulation of the userId parameter, which may lead to improper access control...
starsea-mall Code Injection Vulnerability
starsea-mall is a Xiaomi mall management system based on springboot + thymeleaf by individual developer StarSea99. A code injection vulnerability exists in starsea-mall version 1.0, which stems from improper manipulation of the redirectUrl parameter and could lead to cross-site scripting attacks...
starsea-mall Security Vulnerability
starsea-mall is a Xiaomi mall management system based on springboot + thymeleaf by individual developer StarSea99. A security vulnerability exists in starsea-mall version 1.0, which originates from the parameter file of the UploadController function in the file...
starsea-mall Security Vulnerability
starsea-mall is a Xiaomi mall management system based on springboot + thymeleaf by individual developer StarSea99. A security vulnerability exists in starsea-mall version 1.0, which originates from the parameter categoryName in the file /admin/categories/update that can lead to cross-site scripting...
My-Blog Code Issue Vulnerability
My-Blog is a Java blog system implemented with SpringBoot + Mybatis + Thymeleaf and other technologies, with beautiful pages, full functionality, easy deployment and perfect code. A code issue vulnerability exists in My-Blog version 1.0, which stems from improper handling of the file parameter,...
This Week in Spring - October 22nd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring. I write this to you in an Uber speeding down the autobahn near Frankfurt, Germany. What a time to be alive! At the rate this driver's going, I won't have much time to write this before we've arrived, so let's dive right into...
This Week in Spring - October 15th, 2024
Hi, Spring fans! Welcome to another rip-roaring and ever-so-riveting installment of This Week in Spring! I'm in Amsterdam, at the moment, rounding out a week between Antwerp, Belgium, and Amsterdam, the Netherlands. Today I'm off to Dubai for the fantastic GITEX/DevSlam event. Then I return back ...
AI Meets Spring Petclinic: Implementing an AI Assistant with Spring AI (Part I)
Introduction: In this two-part blog post, I will discuss the modifications I made to Spring Petclinic to incorporate an AI assistant that allows users to interact with the application using natural language. Introduction to Spring Petclinic: Spring Petclinic serves as the primary reference...
Spring Tips: HTMX
Hi, Spring fans! HTMX is the progressive hypertext sensation that's sweeping the process of web app creation, and - thanks to a nice integration by Spring community legend Wim Deblauwe, it's easier than ever to use it with Spring Boot and Thymeleaf. And, it's the topic of today's installment! jav...
Hypermedia and Browser Enhancement
Front end development these days is dominated by large JavaScript client side frameworks. There are plenty of good reasons for that, but it can be very inefficient for many use cases, and the framework engineering has become extremely complex. In this article, I want to explore a different...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese individual developer liwenbin. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...
This Week in Spring - July 18th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in crazy cool Kuala Lumpur, Malaysia. If you're around, I'll be doing a presentation this Thursday the 20th of July, and I'd love to see you there! Then, after a quick vacation, it's off to Tokyo, Japan, where I'll also b...
GHSA-7GJ7-224W-VPR3 Spring-boot-admin sandbox bypass via crafted HTML
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1, allows for a sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access ...
Spring-boot-admin sandbox bypass via crafted HTML
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1, allows for a sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access ...