1 results (0.004 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22533
https://notcve.org/view.php?id=CVE-2024-22533
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. Beetl, antes de la versión 3.15.12, la plantilla de renderizado tenía una vulnerabilidad de inyección de plantilla del lado del servidor (SSTI). Cuando la plantilla entrante sea controlable, será filtrada por la lista negra de DefaultNativeSecurityManager. • https://gitee.com/xiandafu/beetl/issues/I8RU01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •