| 제목 | wix-incubator jam 0.0 Improper Neutralization of Special Elements Used in a Template E |
|---|
| 설명 | Jam, a tool for generating static HTML files, has a Server - Side Template Injection (SSTI) vulnerability. The lack of proper input validation in handling template data allows attackers to inject malicious Jinja2 code at jam.py. They can either directly insert malicious code into the config['template'] in a YAML file or use a malicious URL in template['url']. This can lead to information disclosure and remote code execution attacks.
More details: https://github.com/wix-incubator/jam/issues/1 |
|---|
| 원천 | ⚠️ https://github.com/wix-incubator/jam/issues/1 |
|---|
| 사용자 | ybdesire (UID 83239) |
|---|
| 제출 | 2025. 04. 10. PM 03:19 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 04. 21. PM 03:07 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 305769 [wix-incubator jam 까지 e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9 Jinja2 Template jam.py config['template']] |
|---|
| 포인트들 | 20 |
|---|