Xiandafu Beetl vulnerabilities
2 known vulnerabilities affecting xiandafu/beetl.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2024-22533 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | v3.15.12 | 2024-02-02
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.
nvd
CVE-2026-8759 | P3 | HIGH | CVSS 7.3 | CWE-20 | v3.20.0, v3.20.1, +1 more | 2026-05-17
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of special elements used in an expression language statement. Remote
nvd