CVE-2023-38286
Thymeleaf 3.1.1.RELEASE (used in Spring Boot Admin up to 3.1.1) is affected by a sandbox bypass via crafted HTML, enabling potential SSTI and code execution if MailNotifier is enabled with write access to environment variables in the UI. Affected products: Thymeleaf 3.1.1.RELEASE and Spring Boot ...