Description
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.
Remediation
References
https://gitee.com/wayne_wwang/wayne_wwang/blob/master/2021/10/31/ruoyi+thymeleaf-rce/index.html
https://vuldb.com/?id.186365
https://security.netapp.com/advisory/ntap-20221014-0001/
Related Vulnerabilities
CVE-2022-25839 Vulnerability in npm package url-js
CVE-2021-23328 Vulnerability in npm package iniparserjs
CVE-2022-25352 Vulnerability in npm package libnested
CVE-2022-41704 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge
CVE-2022-36093 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates