Remote Code Execution Vulnerability in Thymeleaf Component by Spring
CVE-2021-43466

9.8CRITICAL

Key Information:

Vendor: Thymeleaf
Status: Thymeleaf
Vendor: CVE Published:; 9 November 2021

What is CVE-2021-43466?

The thymeleaf-spring5 component version 3.0.12 is susceptible to a remote code execution vulnerability due to inadequate validation in template injection scenarios. When exploited, this issue allows an attacker to execute arbitrary code on the affected system, potentially leading to unauthorized data access or control over the application. It is crucial for users of this component to assess their exposure and apply necessary security measures.

References

https://gitee.com/wayne_wwang/wayne_wwang/blob/master/202...

https://vuldb.com/?id.186365

https://security.netapp.com/advisory/ntap-20221014-0001/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2021
Vulnerability Reserved
Nov 8, 2021

CVE-2021-43466 Data

JSON