Tag
server-side-template-injection
Safeguard articles tagged "server-side-template-injection" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Vulnerability Analysis
What is Server-Side Template Injection (SSTI)
SSTI lets attackers turn untrusted input into executable template code, often leading to full remote code execution — here's how it works and how to stop it.
Mar 27, 20266 min read
Vulnerability Analysis
Jinja2 sandbox escape (CVE-2022-29361)
CVE-2022-29361 lets attackers bypass Jinja2's SandboxedEnvironment via str.format, reaching unsafe attributes and risking RCE in untrusted-template apps.
Dec 26, 20257 min read
Vulnerability Analysis
Server-side template injection (SSTI) explained
SSTI lets attackers turn template syntax into server-side RCE. See how it works, real CVEs like Confluence's, and how to prevent it.
Dec 10, 20257 min read