Vulnerabilities > Thymeleaf

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2023-07-14 | CVE-2023-38286 | Command Injection vulnerability in multiple products | Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. | network; high complexity; thymeleaf codecentric; CWE-77 | 7.5 |
| 2021-11-09 | CVE-2021-43466 | Code Injection vulnerability in Thymeleaf 3.0.12 | In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. | network; low complexity; thymeleaf; CWE-94 | critical 9.8 |