Server-Side Template Injection (Java Velocity)

Severity: Critical
Summary#

Invicti detected that this page is vulnerable to Server-Side Template Injection (SSTI) attacks.

Template engine systems can be placed at the View part of MVC based applications and are used to present dynamic data. Template systems have so called expressions.

SSTI occurs when user-supplied data is embedded inside a template and is evaluated as an expression by the template engine.

This is an important issue and should be addressed as soon as possible.

Impact#

An attacker can inject data that can be evaluated as template engine expressions. This may trick a system to execute an arbitrary system command.

Remediation#

Do not trust the data that users supply and don't add it to directly into the template. Instead, pass user controlled parameters to the template as template parameters.

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works