Critical Vulnerability (CVE-2021-43466) reported in thymeleaf 3.0.12.RELEASE

Question

chandra-srk opened this issue 3 years ago · 2 comments

Version of Thymeleaf.
thymeleaf-3.0.12.RELEASE.jar
Environment: versions of Spring, Spring Boot, or any other relevant libraries.
spring-boot 2.5.6
Detailed steps to reproduce your issue.
Added the above mentioned dependency in pom.xml of the project and scanned the project for vulnerabilities using OWASP Dependency Check. It reported critical vulnerability (CVE-2021-43466) in thymeleaf-3.0.12.RELEASE.jar.

CVE details can be accessed here.
https://nvd.nist.gov/vuln/detail/CVE-2021-43466
Any possible workarounds you may have found.
No

Answer 1 · 2021-11-24T10:02:32.000Z

This is a duplicate of #263.

Answer 2 · 2021-12-01T16:28:07.000Z

The fix is available now in Maven Repository through 3.0.13.RELEASE. Appreciate quick turn around time @danielfernandez