Training Camp • Cybersecurity Glossary
Server-Side Template Injection (SSTI) Definition: Server-Side Template Injection (SSTI) lets attackers inject template directives into engines like Jinja2 or Twig, often escalating to remote code execution.
Server-Side Template Injection (SSTI) is a web vulnerability that occurs when user-controlled input is unsafely embedded into a server-side template engine such as Jinja2, Twig, Freemarker, or Velocity, allowing an attacker to inject template directives that the engine evaluates. Because template engines can access objects, methods, and runtime context, successful SSTI frequently escalates to remote code execution or sensitive data disclosure on the server. It is prevented by never concatenating untrusted input into template source and by using sandboxed or logic-less templating with proper context separation.
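The prevention rule above can be checked mechanically. The following Python sketch is an added example, not part of the glossary entry: it uses the standard `ast` module to flag calls that compile a non-literal string as template source. The sample handlers in `SAMPLE_SOURCE` are constructed for illustration, and `sink_name` and `find_dynamic_templates` are hypothetical helper names; the sink names are Jinja2's `Template` and `from_string` and Flask's `render_template_string`.

```python
import ast

# Calls that compile their first argument as template source (Jinja2 / Flask names).
TEMPLATE_SINKS = {"Template", "from_string", "render_template_string"}

# Constructed sample application code: two unsafe handlers, one safe handler.
SAMPLE_SOURCE = '''
from jinja2 import Template

def greet_unsafe(name):
    # User input becomes part of the template source, so the engine evaluates it.
    return Template("Hello " + name).render()

def greet_fstring(name):
    return Template(f"Hello {name}").render()

def greet_safe(name):
    # Template source is a fixed literal; user input is passed only as data.
    return Template("Hello {{ name }}").render(name=name)
'''


def sink_name(call):
    """Return the called function's simple name, e.g. env.from_string -> from_string."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


def find_dynamic_templates(source):
    """Return (line, sink) for each template sink whose source is not a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and node.args and sink_name(node) in TEMPLATE_SINKS):
            continue
        template_arg = node.args[0]
        is_literal = isinstance(template_arg, ast.Constant) and isinstance(template_arg.value, str)
        if not is_literal:
            findings.append((node.lineno, sink_name(node)))
    return sorted(findings)


if __name__ == "__main__":
    for line, sink in find_dynamic_templates(SAMPLE_SOURCE):
        print(f"line {line}: {sink}() compiles a non-literal template source")
```

Only string literals pass the check, so a template source held in a variable is also reported and needs manual review.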