Thymeleaf

Thymeleaf

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2026-40478

  • EPSS 0.13%
  • Veröffentlicht 17.04.2026 21:57:01
  • Zuletzt bearbeitet 17.04.2026 22:16:33

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms. Although the library provides mechanisms to prev...

9

CVE-2026-40477

  • EPSS 0.13%
  • Veröffentlicht 17.04.2026 21:53:47
  • Zuletzt bearbeitet 17.04.2026 22:16:33

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent ...

7.5

CVE-2023-38286

Exploit
  • EPSS 0.15%
  • Veröffentlicht 14.07.2023 05:15:09
  • Zuletzt bearbeitet 21.11.2024 08:13:13

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in sprin...

9.8

CVE-2021-43466

Exploit
  • EPSS 4.59%
  • Veröffentlicht 09.11.2021 12:15:10
  • Zuletzt bearbeitet 21.11.2024 06:29:17

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.