Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Thymeleaf 命令注入漏洞
Vulnerability Description
Thymeleaf-Spring5是Thymeleaf团队的一个适用于 Web 和独立环境的开源现代服务器端 Java 模板引擎。 Thymeleaf 3.1.1.RELEASE版本及之前版本存在安全漏洞。攻击者利用该漏洞可以通过 UI 对环境变量进行写访问。
CVSS Information
N/A
Vulnerability Type
N/A