Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ThingsBoard Add Gateway special elements used in a template engine
Vulnerability Description
A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
CWE-1336
Vulnerability Title
ThingsBoard 安全漏洞
Vulnerability Description
ThingsBoard是ThingsBoard团队的一个基于Java用于IOT设备进行监控、管理、数据收集的平台。 ThingsBoard 4.1版本存在安全漏洞,该漏洞源于Add Gateway Handler组件对模板引擎特殊元素中和不当。
CVSS Information
N/A
Vulnerability Type
N/A