Skip to main content

Thymeleaf

2 CVEs product

Monthly

CVE-2023-38286 Maven HIGH POC PATCH This Week

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Java RCE Command Injection Spring Boot Admin Thymeleaf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-43466 Maven CRITICAL POC PATCH Act Now

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Thymeleaf
NVD VulDB
CVSS 3.1
9.8
EPSS
3.9%
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Java RCE Command Injection +2
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Thymeleaf
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy