org.thymeleaf:thymeleaf@3.1.0.RELEASE

3.1.3.RELEASE

15 years ago

1 years ago

Direct Vulnerabilities

Known vulnerabilities in the org.thymeleaf:thymeleaf package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
C Template Injection Affected versions of this package are vulnerable to Template Injection due to the `TemplateEngine`'s improper invalidation of certain syntactic patterns during expression evaluation. An attacker can inject into sensitive objects to execute unauthorized actions. How to fix Template Injection? Upgrade `org.thymeleaf:thymeleaf` to version 3.1.4.RELEASE or higher.	[,3.1.4.RELEASE)
C Template Injection Affected versions of this package are vulnerable to Template Injection due to the `TemplateEngine`'s improper restriction of accessible object scope during expression evaluation. An attacker can inject into sensitive objects to execute unauthorized actions. How to fix Template Injection? Upgrade `org.thymeleaf:thymeleaf` to version 3.1.4.RELEASE or higher.	[,3.1.4.RELEASE)
C Sandbox Bypass Affected versions of this package are vulnerable to Sandbox Bypass due to insufficient checks, by allowing an attacker to execute arbitrary code via a crafted HTML. How to fix Sandbox Bypass? Upgrade `org.thymeleaf:thymeleaf` to version 3.1.2.RELEASE or higher.	[,3.1.2.RELEASE)