Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.
History

Wed, 30 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-14T00:00:00

Updated: 2024-10-30T16:01:10.933Z

Reserved: 2023-07-14T00:00:00

Link: CVE-2023-38286

cve-icon Vulnrichment

Updated: 2024-08-02T17:39:12.103Z

cve-icon NVD

Status : Modified

Published: 2023-07-14T05:15:09.627

Modified: 2024-11-21T08:13:13.970

Link: CVE-2023-38286

cve-icon Redhat

No data.