all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-38286 (spring_boot_admin, thymeleaf)

Add to bookmarks
July 14, 2023, 5:15 a.m. |

National Vulnerability Database web.nvd.nist.gov

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

access admin boot bypass code code execution cve environment html injection may products release relevant sandbox server server side spring spring-boot ssti template template injection

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months, 2 weeks ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Information Systems Security Manager (ISSM)

@ Avaya | Irving, TX, US
View on infosec-jobs.com

Senior Cloud Security Engineer

@ BMO | M3704 - BMO Place (33 Dundas West, Toronto, ON) - BMO
View on infosec-jobs.com

Junior DevSecOps Engineer

@ Dark Wolf Solutions | Tampa, FL
View on infosec-jobs.com

Offensive Security Engineer

@ Kaseya | Dundalk, Louth, Ireland
View on infosec-jobs.com