CVE-2021-43466

Vulnerable Component Details
| Type | Namespace | Name | Version | Package URL |
|---|---|---|---|---|
| maven | org.thymeleaf | thymeleaf-spring5 | 3.0.12.RELEASE | pkg:maven/org.thymeleaf/thymeleaf-spring5@3.0.12.RELEASE?type=jar |
Vulnerability Details
ID: CVE-2021-43466
Description: In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.
Recommendation: Upgrade to version 3.0.13.RELEASE or above.
State: fixed
Fix Versions: 3.0.13.RELEASE
Ratings
| Severity Score | Method | Vector | Source |
|---|---|---|---|
| 9.8 | CVSSv31 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | ghsa |
| 6.8 | CVSSv2 | AV:N/AC:M/Au:N/C:P/I:P/A:P | nvd |
| 9.8 | CVSSv31 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | nvd |
Related Vulnerabilities
Found By: GitLab Gemnasium, Anchore Grype, Sonatype OSS-Index, Aquasec Trivy
References / Advisories
Weakness Enumeration