Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-38286

Good to know:

icon
icon

Date: July 13, 2023

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Language: Java

Severity Score

Related Resources (10)

https://github.com/p1n93r/SpringBootAdmin-thymeleaf-SSTI
https://github.com/codecentric/spring-boot-admin/commit/f1f6ac6f613e1c0afc121c8989f28b4155a6797a
https://github.com/codecentric/spring-boot-admin/issues/2613
https://github.com/codecentric/spring-boot-admin/pull/2615
https://github.com/thymeleaf/thymeleaf/issues/966
https://github.com/codecentric/spring-boot-admin/blob/master/spring-boot-admin-server/pom.xml
https://github.com/codecentric/spring-boot-admin/commit/f1f6ac6f613e1c0afc121c8989f28b4155a6797a#diff-1ea8b144c29588e08221597d56d8be10b4b4a210f248a83f2e837152a3d2e0d7
https://nvd.nist.gov/vuln/detail/CVE-2023-38286
https://github.com/codecentric/spring-boot-admin
https://www.mend.io/vulnerability-database/CVE-2023-38286

Severity Score

Weakness Type (CWE)

Command Injection

CWE-77

Top Fix

icon

Upgrade Version

Upgrade to version de.codecentric:spring-boot-admin-server:3.1.2;rg.thymeleaf:thymeleaf:3.1.2.RELEASE

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us