CVE Daily
← All tags

Tag: Server-side Template Injection (SSTI)

All CVEs associated with "Server-side Template Injection (SSTI)". Page 2/2 • 167 CVEs.

Subscribe CVEs: RSS for “Server-side Template Injection (SSTI)”  ·  RSS (High+Critical only)

About “Server-side Template Injection (SSTI)”

A curated feed of “Server-side Template Injection (SSTI)”-related CVEs appears below. We currently track 167 CVEs for this tag (all time). In the last 365 days, 56 were published. Average CVSS is 8.6 (all time; 8.6 over 365d), and 90% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine, CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection').

In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-09-13
Medium

CVE-2022-40634

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.

CVSS: 6.4 CWE: CWE-913 - Improper Control of Dynamically-Managed Code Resources View on NVD
2022-09-02
High

CVE-2022-25813

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page…

CVSS: 7.5 CWE: CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine View on NVD
2022-08-02
High

CVE-2022-34625

Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template.

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-06-12
Critical

CVE-2021-41749

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-06-02
Critical

CVE-2020-28246

A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was…

CVSS: 9.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2022-05-11
High

CVE-2021-42651

A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/.

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-04-25
Critical

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and ov…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-04-11
Critical

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side t…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2021-40219

Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execut…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-03-28
High

CVE-2021-43097

A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code.

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-03-25
Critical

CVE-2021-26622

An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious…

CVSS: 9.6 CWE: CWE-20 - Improper Input Validation View on NVD
2022-03-11
Critical

CVE-2021-44618

A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-02-25
Critical

CVE-2022-24442

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-02-18
Critical

CVE-2021-46063

MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.

CVSS: 9.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-02-11
Critical

CVE-2021-46362

A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload en…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-02-04
Critical

CVE-2021-44978

iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2021-09-16
High

CVE-2021-39128

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-si…

CVSS: 7.2 CWE: CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine View on NVD
2021-08-02
High

CVE-2021-35450

A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Exec…

CVSS: 7.2 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2021-02-27
Critical

CVE-2021-25283

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2021-02-03
Critical

CVE-2021-25770

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2021-01-15
Critical

CVE-2021-21244

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full deta…

CVSS: 10.0 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2021-01-08
High

CVE-2020-28468

This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code ex…

CVSS: 8.1 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2020-12-24
Critical

CVE-2020-26282

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it…

CVSS: 10.0 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2020-12-10
High

CVE-2020-25967

The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.

CVSS: 8.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2020-07-08
High

CVE-2020-11994

Server-Side Template Injection and arbitrary file disclosure on Camel templating components

CVSS: 7.5 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2020-07-03
Critical

CVE-2020-14172

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atl…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2020-06-23
Critical

CVE-2019-20409

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a ser…

CVSS: 9.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2020-05-11
High

CVE-2020-12790

In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted T…

CVSS: 7.5 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2020-05-07
High

CVE-2020-11056

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This ha…

CVSS: 7.4 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2020-05-04
Critical

CVE-2020-1961

Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL express…

CVSS: 9.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Critical

CVE-2020-1959

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE)…

CVSS: 9.8 CWE: CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') View on NVD
2020-04-10
High

CVE-2020-11002

dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to…

CVSS: 8.0 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2020-03-18
High

CVE-2019-18582

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A…

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2020-03-04
Critical

CVE-2020-9757

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

CVSS: 9.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2019-12-26
High

CVE-2019-19999

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.

CVSS: 7.2 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2019-08-12
Critical

CVE-2019-14965

An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2019-08-09
Critical

CVE-2019-11581

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on sys…

CVSS: 9.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2019-07-03
Critical

CVE-2019-10100

In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2019-03-25
Critical

CVE-2019-3396

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 bef…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2019-02-15
Critical

CVE-2019-8341

An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then ret…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2018-12-25
High

CVE-2018-20465

Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and c…

CVSS: 7.2 CWE: CWE-311 - Missing Encryption of Sensitive Data View on NVD
2018-12-06
High

CVE-2018-19907

A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that trigg…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2018-08-24
Critical

CVE-2018-11061

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration o…

CVSS: 9.1 CWE: N/A View on NVD
2018-08-06
High

CVE-2018-14716

A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2018-07-10
Critical

CVE-2018-13818

Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the res…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2018-03-05
Medium

CVE-2018-7663

An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An unescaped template literal in the bio field of a user profile (resources/views/layouts/app.blade.php…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2017-11-10
Critical

CVE-2017-16783

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD