2 matches found
CVE-2022-46166
The CVE affects Spring Boot Admin Server deployments where Notifiers (e.g., Teams-Notifier) are enabled and users have write access to environment variables via the UI. The root cause involves potential code execution via the /env actuator endpoint, enabling an attacker to inject or e...
CVE-2023-38286
Thymeleaf 3.1.1.RELEASE (used in Spring Boot Admin up to 3.1.1) is affected by a sandbox bypass via crafted HTML, enabling potential SSTI and code execution if MailNotifier is enabled with write access to environment variables in the UI. Affected products: Thymeleaf 3.1.1.RELEASE and Spring Boot ...