CVE-2023-38286

Source
https://cve.org/CVERecord?id=CVE-2023-38286
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38286.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-38286
Aliases
Published
2023-07-14T05:15:09.627Z
Modified
2026-02-13T08:54:54.494410Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

References

Affected packages

Git / github.com/codecentric/spring-boot-admin

Affected ranges

Type
GIT
Repo
https://github.com/codecentric/spring-boot-admin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1.*
1.0.3
1.0.4
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.3.0
2.3.1
2.4.0
2.4.1
2.4.2
2.4.3
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.7.10
3.*
3.0.0-M9
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38286.json"