PT-2024-19473 · Beetl · Beetl
Wooclee · Published 2024-02-01 · Updated 2025-06-06 · CVE-2024-22533
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Beetl versions prior to 3.15.12
Description: Template rendering in Beetl is vulnerable to server-side template injection (SSTI). When the incoming template is attacker-controllable, its content is filtered only by the DefaultNativeSecurityManager blacklist. Because that blacklist filtering is not strict, it can be bypassed, leading to arbitrary code execution.
Recommendations: For versions prior to 3.15.12, update to version 3.15.12 or later to resolve the issue. As a temporary workaround, restrict access to the rendering template to minimize the risk of exploitation, and ensure that the incoming template is not controllable by an attacker, so that there is nothing for a DefaultNativeSecurityManager blacklist bypass to act on.
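The recommendation above turns on one distinction: whether untrusted input becomes part of the template source (where Beetl parses and evaluates it, and only the DefaultNativeSecurityManager blacklist stands in the way) or is handed to a fixed template as bound data. The following Java snippet is an added illustration of that distinction, not code from the advisory or from the Beetl project. It uses Beetl's documented GroupTemplate, StringTemplateResourceLoader, Template.binding and Template.render calls; the class name, method names and the constructed sample input are assumptions made for the example.

```java
// Added example (not from the advisory or the Beetl project).
// Shows the unsafe pattern the advisory describes next to the safe pattern
// it recommends. Beetl API calls are the documented ones; the class and
// method names here are hypothetical.
import org.beetl.core.Configuration;
import org.beetl.core.GroupTemplate;
import org.beetl.core.Template;
import org.beetl.core.resource.StringTemplateResourceLoader;

import java.io.IOException;

public class BeetlRenderingExample {

    private final GroupTemplate groupTemplate;

    public BeetlRenderingExample() throws IOException {
        // Templates are supplied as in-memory strings in this example.
        this.groupTemplate = new GroupTemplate(
                new StringTemplateResourceLoader(),
                Configuration.defaultConfiguration());
    }

    // UNSAFE: the untrusted value is concatenated into the template *source*,
    // so any Beetl syntax it contains is parsed and evaluated by the engine.
    // This is exactly the "incoming template is controllable" condition from
    // the advisory: the only barrier left is the native-call blacklist, which
    // the advisory states can be bypassed in versions before 3.15.12.
    public String renderUnsafe(String untrustedInput) {
        Template t = groupTemplate.getTemplate("Hello, " + untrustedInput + "!");
        return t.render();
    }

    // SAFE: the template source is a fixed string chosen by the application.
    // Untrusted input enters only through binding(), so Beetl treats it as a
    // value to print, never as template code to evaluate.
    public String renderSafe(String untrustedInput) {
        Template t = groupTemplate.getTemplate("Hello, ${name}!");
        t.binding("name", untrustedInput);
        return t.render();
    }

    public static void main(String[] args) throws IOException {
        BeetlRenderingExample example = new BeetlRenderingExample();
        // Constructed sample input that happens to contain Beetl expression syntax.
        String input = "${1+1}";
        // In the safe path the input is emitted as literal text.
        System.out.println("safe  : " + example.renderSafe(input));
        // In the unsafe path the same input is evaluated as a template expression.
        System.out.println("unsafe: " + example.renderUnsafe(input));
    }
}
```

The practical check when reviewing code against this advisory is therefore to find every call that builds a template string from request data (the renderUnsafe shape) and move that data into binding(), in addition to upgrading to 3.15.12 or later.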

Exploit · Fix

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2024-22533, GHSA-9GH8-877R-G477

Affected Products: Beetl