CVE-2021-43466: 
Java vulnerability analysis and mitigation

CVE-2021-43466 affects thymeleaf-spring5 version 3.0.12. The vulnerability was discovered and disclosed on November 9, 2021. The issue occurs when thymeleaf is combined with specific scenarios in template injection, which may lead to remote code execution. This vulnerability affects systems using the vulnerable thymeleaf-spring5 component (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and can result in high impact to confidentiality, integrity, and availability. The vulnerability is classified as CWE-94 (Improper Control of Generation of Code - 'Code Injection') (NVD).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). The critical CVSS score of 9.8 indicates that exploitation can result in complete compromise of system confidentiality, integrity, and availability (NetApp Advisory).

Organizations using thymeleaf-spring5 version 3.0.12 should upgrade to a patched version when available. As of the NetApp security advisory, no direct patches were available, and no specific workarounds were provided (NetApp Advisory).