In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.
References
Link | Resource |
---|---|
https://gitee.com/wayne_wwang/wayne_wwang/blob/master/2021/10/31/ruoyi+thymeleaf-rce/index.html | Exploit Third Party Advisory |
https://security.netapp.com/advisory/ntap-20221014-0001/ | Third Party Advisory |
https://vuldb.com/?id.186365 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-11-09T00:00:00
Updated: 2022-10-14T00:00:00
Reserved: 2021-11-08T00:00:00
Link: CVE-2021-43466
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-09T12:15:10.693
Modified: 2022-11-03T20:41:38.017
Link: CVE-2021-43466
JSON object: View
Redhat Information
No data.
CWE