CVE-2023-38286

Published: Jul 14, 2023

Modified: Oct 30, 2024

PUBLISHED

Description

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/p1n93r/SpringBootAdmin-thymeleaf-SSTI

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-38286

Description

Affected Products

References