CVE-2023-38286

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-38286
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38286.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-38286
Aliases
Published
2023-07-14T05:15:09Z
Modified
2024-10-12T10:57:23.491930Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

References

Affected packages

Git / github.com/codecentric/spring-boot-admin

Affected ranges

Type
GIT
Repo
https://github.com/codecentric/spring-boot-admin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Type
GIT
Repo
https://github.com/thymeleaf/thymeleaf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

1.*

1.0.3
1.0.4
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.3.0
2.3.1
2.4.0
2.4.1
2.4.2
2.4.3
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.7.0
2.7.1
2.7.10
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9

Other

20130808
20130822
20131209
20161229
20170104
20170105
FIRST_VIEW_VIEWRESOLVER_IMPL
SPR-14999
SPR-15000
SPRING_BOOT_WEB_REACTIVE_55
reactor-issue-20160731
spr15095
spring4
thymeleafexamples-extrathyme-20120517
thymeleafexamples-extrathyme-20120717
thymeleafexamples-extrathyme-20120818
thymeleafexamples-extrathyme-20120910
thymeleafexamples-extrathyme-20121017
thymeleafexamples-extrathyme-20121220
thymeleafexamples-extrathyme-20130224
thymeleafexamples-extrathyme-20130411
thymeleafexamples-extrathyme-20130609
thymeleafexamples-extrathyme-20131104
thymeleafexamples-extrathyme-20140513
thymeleafexamples-extrathyme-20140704
thymeleafexamples-gtvg-20120517
thymeleafexamples-gtvg-20120717
thymeleafexamples-gtvg-20120818
thymeleafexamples-gtvg-20120910
thymeleafexamples-gtvg-20121017
thymeleafexamples-gtvg-20121220
thymeleafexamples-gtvg-20130224
thymeleafexamples-gtvg-20130411
thymeleafexamples-gtvg-20130609
thymeleafexamples-gtvg-20131104
thymeleafexamples-gtvg-20140513
thymeleafexamples-sayhello-20120517
thymeleafexamples-sayhello-20120717
thymeleafexamples-sayhello-20120818
thymeleafexamples-sayhello-20120910
thymeleafexamples-sayhello-20121017
thymeleafexamples-sayhello-20121220
thymeleafexamples-sayhello-20130224
thymeleafexamples-sayhello-20130411
thymeleafexamples-sayhello-20130609
thymeleafexamples-sayhello-20131104
thymeleafexamples-sayhello-20140513
thymeleafexamples-springmail-20120517
thymeleafexamples-springmail-20120717
thymeleafexamples-springmail-20120818
thymeleafexamples-springmail-20120910
thymeleafexamples-springmail-20121017
thymeleafexamples-springmail-20121220
thymeleafexamples-springmail-20130224
thymeleafexamples-springmail-20130411
thymeleafexamples-springmail-20130609
thymeleafexamples-springmail-20131104
thymeleafexamples-springmail-20140513
thymeleafexamples-stsm-20120517
thymeleafexamples-stsm-20120717
thymeleafexamples-stsm-20120818
thymeleafexamples-stsm-20120910
thymeleafexamples-stsm-20121017
thymeleafexamples-stsm-20121220
thymeleafexamples-stsm-20130224
thymeleafexamples-stsm-20130411
thymeleafexamples-stsm-20130609
thymeleafexamples-stsm-20131104
thymeleafexamples-stsm-20140513
thymeleafexamples-stsm-20140704
thymeleafexamples-thvsjsp-20120517
thymeleafexamples-thvsjsp-20120717
thymeleafexamples-thvsjsp-20120818
thymeleafexamples-thvsjsp-20120910
thymeleafexamples-thvsjsp-20121017
thymeleafexamples-thvsjsp-20121220
thymeleafexamples-thvsjsp-20130224
thymeleafexamples-thvsjsp-20130411
thymeleafexamples-thvsjsp-20130609
thymeleafexamples-thvsjsp-20131104
thymeleafexamples-thvsjsp-20140513
thymeleafexamples-thvsjsp-20140704

3.*

3.0.0
3.0.0-M9
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0
3.1.1

thymeleaf-2.*

thymeleaf-2.0.0
thymeleaf-2.0.0-beta1
thymeleaf-2.0.0-beta2
thymeleaf-2.0.1
thymeleaf-2.0.10
thymeleaf-2.0.11
thymeleaf-2.0.12
thymeleaf-2.0.13
thymeleaf-2.0.14
thymeleaf-2.0.15
thymeleaf-2.0.16
thymeleaf-2.0.2
thymeleaf-2.0.3
thymeleaf-2.0.4
thymeleaf-2.0.5
thymeleaf-2.0.6
thymeleaf-2.0.7
thymeleaf-2.0.8
thymeleaf-2.0.9
thymeleaf-2.1.0-beta1
thymeleaf-2.1.0-beta2
thymeleaf-2.1.0-m1
thymeleaf-2.1.0-m2
thymeleaf-2.1.0-m3
thymeleaf-2.1.0.RELEASE
thymeleaf-2.1.1.RELEASE
thymeleaf-2.1.2.RELEASE
thymeleaf-2.1.3.RELEASE

thymeleaf-3.*

thymeleaf-3.0.0.ALPHA01
thymeleaf-3.0.0.ALPHA02
thymeleaf-3.0.0.ALPHA03
thymeleaf-3.0.0.BETA01
thymeleaf-3.0.0.BETA02
thymeleaf-3.0.0.BETA03
thymeleaf-3.0.0.RELEASE
thymeleaf-3.0.1.RELEASE
thymeleaf-3.0.10.RELEASE
thymeleaf-3.0.11.RELEASE
thymeleaf-3.0.12.RELEASE
thymeleaf-3.0.13.RELEASE
thymeleaf-3.0.14.RELEASE
thymeleaf-3.0.2.RELEASE
thymeleaf-3.0.3.RELEASE
thymeleaf-3.0.4.RELEASE
thymeleaf-3.0.5.RELEASE
thymeleaf-3.0.6.RELEASE
thymeleaf-3.0.7.RELEASE
thymeleaf-3.0.8.RELEASE
thymeleaf-3.0.9.RELEASE
thymeleaf-3.1.0.M1
thymeleaf-3.1.0.M2
thymeleaf-3.1.0.M2-dev01
thymeleaf-3.1.0.M3
thymeleaf-3.1.0.RC1
thymeleaf-3.1.0.RC2
thymeleaf-3.1.0.RELEASE
thymeleaf-3.1.1.RELEASE

thymeleaf-dist-3.*

thymeleaf-dist-3.0.0.BETA01
thymeleaf-dist-3.0.0.BETA02
thymeleaf-dist-3.0.13.RELEASE
thymeleaf-dist-3.0.14.RELEASE
thymeleaf-dist-3.0.15.RELEASE
thymeleaf-dist-3.1.0.M1

thymeleaf-extras-springsecurity3-1.*

thymeleaf-extras-springsecurity3-1.0.0-beta1
thymeleaf-extras-springsecurity3-1.0.0-beta2

thymeleaf-extras-springsecurity3-2.*

thymeleaf-extras-springsecurity3-2.0.0
thymeleaf-extras-springsecurity3-2.1.0-beta1
thymeleaf-extras-springsecurity3-2.1.0-beta2
thymeleaf-extras-springsecurity3-2.1.0.RELEASE
thymeleaf-extras-springsecurity3-2.1.1.RELEASE
thymeleaf-extras-springsecurity3-2.1.2.RELEASE

thymeleaf-extras-springsecurity3-3.*

thymeleaf-extras-springsecurity3-3.0.0.ALPHA03
thymeleaf-extras-springsecurity3-3.0.0.BETA01
thymeleaf-extras-springsecurity3-3.0.0.BETA02
thymeleaf-extras-springsecurity3-3.0.0.BETA03
thymeleaf-extras-springsecurity3-3.0.0.RELEASE
thymeleaf-extras-springsecurity3-3.0.1.RELEASE
thymeleaf-extras-springsecurity3-3.0.2.RELEASE
thymeleaf-extras-springsecurity3-3.0.3.RELEASE
thymeleaf-extras-springsecurity3-3.0.4.RELEASE

thymeleaf-extras-springsecurity4-2.*

thymeleaf-extras-springsecurity4-2.1.2.RELEASE

thymeleaf-extras-springsecurity4-3.*

thymeleaf-extras-springsecurity4-3.0.0.ALPHA03
thymeleaf-extras-springsecurity4-3.0.0.BETA01
thymeleaf-extras-springsecurity4-3.0.0.BETA02
thymeleaf-extras-springsecurity4-3.0.0.BETA03
thymeleaf-extras-springsecurity4-3.0.0.RELEASE
thymeleaf-extras-springsecurity4-3.0.1.RELEASE
thymeleaf-extras-springsecurity4-3.0.2.RELEASE
thymeleaf-extras-springsecurity4-3.0.3.RELEASE
thymeleaf-extras-springsecurity4-3.0.4.RELEASE

thymeleaf-extras-springsecurity5-3.*

thymeleaf-extras-springsecurity5-3.0.3.RELEASE
thymeleaf-extras-springsecurity5-3.0.4.RELEASE
thymeleaf-extras-springsecurity5-3.1.0.M1

thymeleaf-extras-springsecurity6-3.*

thymeleaf-extras-springsecurity6-3.1.0.M1

thymeleaf-spring3-2.*

thymeleaf-spring3-2.0.0
thymeleaf-spring3-2.0.0-beta1
thymeleaf-spring3-2.0.0-beta2
thymeleaf-spring3-2.0.1
thymeleaf-spring3-2.0.10
thymeleaf-spring3-2.0.11
thymeleaf-spring3-2.0.12
thymeleaf-spring3-2.0.13
thymeleaf-spring3-2.0.14
thymeleaf-spring3-2.0.15
thymeleaf-spring3-2.0.16
thymeleaf-spring3-2.0.2
thymeleaf-spring3-2.0.3
thymeleaf-spring3-2.0.4
thymeleaf-spring3-2.0.5
thymeleaf-spring3-2.0.6
thymeleaf-spring3-2.0.7
thymeleaf-spring3-2.0.8
thymeleaf-spring3-2.0.9
thymeleaf-spring3-2.1.0-beta1
thymeleaf-spring3-2.1.0-beta2
thymeleaf-spring3-2.1.0-m1
thymeleaf-spring3-2.1.0-m2
thymeleaf-spring3-2.1.0-m3
thymeleaf-spring3-2.1.0.RELEASE
thymeleaf-spring3-2.1.1.RELEASE
thymeleaf-spring3-2.1.2.RELEASE
thymeleaf-spring3-2.1.3.RELEASE

thymeleaf-spring3-3.*

thymeleaf-spring3-3.0.0.ALPHA01
thymeleaf-spring3-3.0.0.ALPHA02
thymeleaf-spring3-3.0.0.ALPHA03
thymeleaf-spring3-3.0.0.BETA01
thymeleaf-spring3-3.0.0.BETA02
thymeleaf-spring3-3.0.0.BETA03
thymeleaf-spring3-3.0.0.RELEASE
thymeleaf-spring3-3.0.1.RELEASE
thymeleaf-spring3-3.0.10.RELEASE
thymeleaf-spring3-3.0.11.RELEASE
thymeleaf-spring3-3.0.12.RELEASE
thymeleaf-spring3-3.0.13.RELEASE
thymeleaf-spring3-3.0.14.RELEASE
thymeleaf-spring3-3.0.2.RELEASE
thymeleaf-spring3-3.0.3.RELEASE
thymeleaf-spring3-3.0.4.RELEASE
thymeleaf-spring3-3.0.5.RELEASE
thymeleaf-spring3-3.0.6.RELEASE
thymeleaf-spring3-3.0.7.RELEASE
thymeleaf-spring3-3.0.8.RELEASE
thymeleaf-spring3-3.0.9.RELEASE

thymeleaf-spring4-2.*

thymeleaf-spring4-2.1.2.RELEASE
thymeleaf-spring4-2.1.3.RELEASE

thymeleaf-spring4-3.*

thymeleaf-spring4-3.0.0.ALPHA01
thymeleaf-spring4-3.0.0.ALPHA02
thymeleaf-spring4-3.0.0.ALPHA03
thymeleaf-spring4-3.0.0.BETA01
thymeleaf-spring4-3.0.0.BETA02
thymeleaf-spring4-3.0.0.BETA03
thymeleaf-spring4-3.0.0.RELEASE
thymeleaf-spring4-3.0.1.RELEASE
thymeleaf-spring4-3.0.10.RELEASE
thymeleaf-spring4-3.0.11.RELEASE
thymeleaf-spring4-3.0.12.RELEASE
thymeleaf-spring4-3.0.13.RELEASE
thymeleaf-spring4-3.0.14.RELEASE
thymeleaf-spring4-3.0.2.RELEASE
thymeleaf-spring4-3.0.3.RELEASE
thymeleaf-spring4-3.0.4.RELEASE
thymeleaf-spring4-3.0.5.RELEASE
thymeleaf-spring4-3.0.6.RELEASE
thymeleaf-spring4-3.0.7.RELEASE
thymeleaf-spring4-3.0.8.RELEASE
thymeleaf-spring4-3.0.9.RELEASE

thymeleaf-spring5-3.*

thymeleaf-spring5-3.0.10.RELEASE
thymeleaf-spring5-3.0.11.RELEASE
thymeleaf-spring5-3.0.12.RELEASE
thymeleaf-spring5-3.0.13.RELEASE
thymeleaf-spring5-3.0.14.RELEASE
thymeleaf-spring5-3.0.3.M1
thymeleaf-spring5-3.0.4.M2
thymeleaf-spring5-3.0.5.M3
thymeleaf-spring5-3.0.6.M4
thymeleaf-spring5-3.0.7.RC1
thymeleaf-spring5-3.0.8.RELEASE
thymeleaf-spring5-3.0.9.RELEASE
thymeleaf-spring5-3.1.0.M1

thymeleaf-spring6-3.*

thymeleaf-spring6-3.1.0.M1

thymeleaf-testing-2.*

thymeleaf-testing-2.0.0
thymeleaf-testing-2.0.0-beta1
thymeleaf-testing-2.0.0-beta2
thymeleaf-testing-2.0.0-beta3
thymeleaf-testing-2.0.0-beta4
thymeleaf-testing-2.0.0-beta5
thymeleaf-testing-2.0.1
thymeleaf-testing-2.0.2
thymeleaf-testing-2.0.3
thymeleaf-testing-2.1.0-beta1
thymeleaf-testing-2.1.0-beta2
thymeleaf-testing-2.1.0.RELEASE
thymeleaf-testing-2.1.1.RELEASE
thymeleaf-testing-2.1.2.RELEASE
thymeleaf-testing-2.1.3.RELEASE
thymeleaf-testing-2.1.4.RELEASE

thymeleaf-testing-3.*

thymeleaf-testing-3.0.0.ALPHA01
thymeleaf-testing-3.0.0.ALPHA02
thymeleaf-testing-3.0.0.ALPHA03
thymeleaf-testing-3.0.0.BETA01
thymeleaf-testing-3.0.0.BETA02
thymeleaf-testing-3.0.0.BETA03
thymeleaf-testing-3.0.0.RELEASE
thymeleaf-testing-3.0.1.RELEASE
thymeleaf-testing-3.0.2.RELEASE
thymeleaf-testing-3.0.3.RELEASE
thymeleaf-testing-3.0.4.RELEASE
thymeleaf-testing-3.1.0.M1

thymeleaf-testing-spring5-3.*

thymeleaf-testing-spring5-3.1.0.M1

thymeleaf-testing-spring6-3.*

thymeleaf-testing-spring6-3.1.0.M1