Vulnerabilities

CVE-2024-22533

by Fred · 02/02/2024

Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.

More information : https://gitee.com/xiandafu/beetl/issues/I8RU01

Similar

Tags: Cybersecurity Alert