1 results (0.031 seconds)
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22533
https://notcve.org/view.php?id=CVE-2024-22533
02 Feb 2024 — Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. Beetl, antes de la versión 3.15.12, la plantilla de renderizado tenía una vulnerabilidad de inyección de plantilla del lado del servidor (SSTI). Cuando la plantilla entrante sea control... • https://gitee.com/xiandafu/beetl/issues/I8RU01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •