CVE-2024-22533

CVSS v3.1 9.8 (Critical)
EPSS 0.14% (51st)
Affected Products 1
Advisories 1

In Beetl versions before v3.15.12, template rendering has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it is filtered by the DefaultNativeSecurityManager blacklist. Because the blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.

Weaknesses
CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2024-02-02 03:15:11
Updated Date
2024-02-10 04:09:13

Affected Products


Configuration #1

CPE23 From Up To
Xiandafu Beetl 3.15.12 cpe:2.3:a:xiandafu:beetl:3.15.12