CVE-2023-38286

moderate-risk
Published 2023-07-14

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Do I need to act?

-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / HIGH complexity

Affected Products (2)

Thymeleaf

Affected Vendors

Thymeleaf Codecentric

References (2)

Exploit https://github.com/p1n93r/SpringBootAdmin-thymeleaf-SSTI
Exploit https://github.com/p1n93r/SpringBootAdmin-thymeleaf-SSTI
30
/ 100
moderate-risk
Severity 22/34 · High
Exploitability 1/34 · Minimal
Exposure 7/34 · Low