CVE-2023-30331: Server-side template injection in beetl

May 4, 2023 (updated May 5, 2023)

An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload.

References

gitee.com/xiandafu/beetl/issues/I6RUIP
github.com/advisories/GHSA-m69h-4frq-vwq7
github.com/luelueking/Beetl-3.15.0-vuln-poc
nvd.nist.gov/vuln/detail/CVE-2023-30331

Detect and mitigate CVE-2023-30331 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →