漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Thymeleaf 命令注入漏洞
Vulnerability Description
Thymeleaf-Spring5是Thymeleaf团队的一个适用于 Web 和独立环境的开源现代服务器端 Java 模板引擎。 Thymeleaf 3.1.1.RELEASE版本及之前版本存在安全漏洞。攻击者利用该漏洞可以通过 UI 对环境变量进行写访问。
CVSS Information
N/A
Vulnerability Type
N/A