CWE-94 · Improper Control of Generation of Code

Server-Side Template Injection

CWE-94 · 2 case studies

Server-Side Template Injection (SSTI) happens when user-controlled data is embedded directly into a template string that the server then evaluates. Template engines like Jinja2, Blade, and Twig are designed to execute code — so once an attacker can inject template syntax, they can run arbitrary expressions on the server process.

Traditional code review struggles with SSTI because the vulnerability lives at the boundary between data and code. A variable that looks safe in isolation becomes dangerous when it reaches a render() call without proper escaping. Reviewers often miss it because the template and the data assignment are in different files, or because the framework "auto-escapes" in most contexts but not in the specific code path being reviewed.

PullLight traces data flows across files and flags any render() or eval() call where the argument includes a value that has touched user input — including indirect paths through function parameters, database columns loaded from user-provided IDs, and config values that can be set per-user. It surfaces the full chain in the review comment so engineers can immediately see where the taint originates.
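The paragraph above describes the check a reviewer or tool has to make: follow a value from user input to a render() call and decide whether it lands in the template source or only in the template context. The following stand-alone Python script is an added example, not PullLight's code or Flask's: it uses only the standard-library ast module to walk a function body, record which local names depend on a Flask request accessor, and flag a render_template_string() or Template() call whose first (template-source) argument is tainted, printing the chain of assignments back to the source. The two embedded snippets are constructed samples; the vulnerable one concatenates input into the template string, the fixed one is the shape the prevention advice in the FAQ below calls for (a static template with the value passed as context). The source and sink lists are assumptions chosen for the demo, and the analysis is intra-procedural and straight-line only, so it illustrates the idea rather than replacing a full taint engine.

```python
import ast

# Constructed lists for the demo: accessors treated as user input, and
# calls whose first argument is template SOURCE (not context).
TAINT_SOURCES = {"request.args.get", "request.form.get",
                 "request.values.get", "request.get_json"}
RENDER_SINKS = {"render_template_string", "Template", "jinja2.Template"}


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def is_sink(call):
    name = dotted_name(call.func)
    return bool(name) and (name in RENDER_SINKS or name.endswith(".from_string"))


def taint_origin(node, tainted):
    """Return the tainted variable or source call an expression depends on, or None."""
    if isinstance(node, ast.Name):
        return node.id if node.id in tainted else None
    if isinstance(node, ast.Call):
        name = dotted_name(node.func)
        if name in TAINT_SOURCES:
            return name
        receiver = [node.func.value] if isinstance(node.func, ast.Attribute) else []
        for child in receiver + node.args:          # e.g. name.strip(), "x".format(name)
            origin = taint_origin(child, tainted)
            if origin:
                return origin
        return None
    if isinstance(node, ast.BinOp):                  # "Hello " + name
        return taint_origin(node.left, tainted) or taint_origin(node.right, tainted)
    if isinstance(node, ast.JoinedStr):              # f"Hello {name}"
        for part in node.values:
            if isinstance(part, ast.FormattedValue):
                origin = taint_origin(part.value, tainted)
                if origin:
                    return origin
        return None
    if isinstance(node, ast.Subscript):              # data["name"]
        return taint_origin(node.value, tainted)
    return None


def chain(var, tainted):
    """Render 'var@line <- parent@line <- source' from the taint map."""
    steps = []
    while var in tainted:
        line, parent = tainted[var]
        steps.append(f"{var}@{line}")
        var = parent
    steps.append(var)
    return " <- ".join(steps)


def find_ssti(source):
    """Return [(line, sink, chain)] for sinks whose template argument is user-controlled."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = {}  # name -> (line where it became tainted, what it came from)
        for stmt in func.body:  # top-level statements only, in source order
            for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
                if is_sink(call) and call.args:
                    origin = taint_origin(call.args[0], tainted)
                    if origin:
                        findings.append((call.lineno, dotted_name(call.func),
                                         chain(origin, tainted)))
            if isinstance(stmt, ast.Assign):
                origin = taint_origin(stmt.value, tainted)
                if origin:
                    for target in stmt.targets:
                        if isinstance(target, ast.Name) and target.id not in tainted:
                            tainted[target.id] = (stmt.lineno, origin)
    return findings


# Constructed samples (not real project code). User input reaches the template source.
VULNERABLE = '''
from flask import request, render_template_string

@app.route("/hello")
def hello():
    name = request.args.get("name", "world")
    greeting = "Hello " + name
    return render_template_string(greeting)
'''

# Same handler, fixed: static template; user data enters only as a context value.
FIXED = '''
from flask import request, render_template_string

@app.route("/hello")
def hello():
    name = request.args.get("name", "world")
    return render_template_string("Hello {{ name }}", name=name)
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(label, find_ssti(src))
```

Running it prints one finding for the vulnerable handler, with the chain greeting@7 <- name@6 <- request.args.get, and nothing for the fixed one, because the tainted value is a keyword argument (context), not the template source. Extending the source list, or tracking assignments inside nested blocks and across function boundaries, is where a real tool does the heavy lifting.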

Case studies in this class

CVE-2025-53833 — LaRecipe SSTI RCE (LaRecipe, CVSS 10.0): Pre-Auth RCE via Unescaped Blade Template Injection
CVE-2025-66434 — ERPNext Dunning SSTI RCE (Frappe ERPNext, CVSS 9.8): Pre-Auth RCE via Unescaped Jinja2 Template Context

Frequently asked questions

What is Server-Side Template Injection?
SSTI occurs when an application incorporates user input into a server-side template in an unsafe way, allowing attackers to inject and execute template directives that can lead to arbitrary code execution, data exfiltration, or full server compromise.
How do you prevent SSTI?
Render templates with static strings only. Never concatenate user input into a template expression. Use template engines in "sandboxed" mode where available, and explicitly HTML-escape any dynamic values before passing them to the template context.
Can AI catch SSTI in code review?
Yes — AI review is well-suited for SSTI because it can trace data flow across multiple files and method calls, spotting cases where a value that looks benign at declaration gets used unsafely in a template render call several layers deep.
Has PullLight caught real SSTI vulnerabilities?
Yes. PullLight flagged SSTI in LaRecipe (CVE-2025-53833, CVSS 10.0) and ERPNext (CVE-2025-66434, CVSS 9.8) — both pre-auth RCE via unescaped template injection.
PullLight catches Server-Side Template Injection in live code review.
Hooks into GitHub PRs automatically — flags taint flows, not just lint rules.