Published: 14/07/2023 Updated: 27/07/2023
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 0

Vulnerability Summary

Thymeleaf up to and including 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) up to and including 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Vulnerable Product Search on Vulmon Subscribe to Product

thymeleaf thymeleaf

codecentric spring boot admin

Github Repositories

SpringBootAdmin-thymeleaf-SSTI which can cause RCE

CVE-2023-38286 nvdnistgov/vuln/detail/CVE-2023-38286 Additional Vulnerability Description The sandbox bypass mentioned here refers to bypassing certain blacklists of Thymeleaf, rather than leveraging the context for reflection-based escapes or similar techniques Impact All users who run Spring Boot Admin Server, having enabled MailNotifier and write access to environ


微信收藏文章列表 [0x00实验室]-2023-6-16-Webshell绕过360主动防御执行命令md [3072]-2021-9-1-shellcode分析技巧md [360威胁情报中心]-2021-8-16-APT-C-54(Gamaredon)近期技战术总结md [360威胁情报中心]-2023-2-14-APT-C-56(透明部落)伪装简历攻击活动分析md [360漏洞云]-2021-8-13-漏洞复现 Fortinet FortiPortal 远程代