CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

Base | Incomplete | Simple

CWE Version: 4.18

Updated: 2025-09-09

Weakness Description

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

Common Consequences

Scope: Integrity

Technical Impact: Execute Unauthorized Code or Commands

Potential Mitigations

Phase: Architecture and Design

Description: Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.

Phase: Implementation

Description: Use the template engine's sandbox or restricted mode, if available.
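The two mitigations above address engine choice and engine configuration; the defect they guard against is the same in every engine listed in the observed examples: untrusted input ends up in the template *source*, where the engine interprets it, instead of in the render *data*, where it is treated as text. The following is an added example, not code from the CWE entry or from any of the products it cites. It uses Python's standard-library `string.Template` as a stand-in engine (an assumption chosen so the example runs with no third-party packages; `string.Template` only substitutes placeholders and cannot execute code, which is itself the "limit the power of expressions" mitigation). The render context and the placeholder secret are constructed for the example.

```python
import re
from string import Template

# Constructed render context: one value the template may use (site name) and one
# that untrusted users must never read (a placeholder, not a real secret).
CONTEXT = {
    "site": "example-site",
    "db_password": "PLACEHOLDER-not-a-real-secret",
}


def render_vulnerable(untrusted: str) -> str:
    """CWE-1336 pattern: untrusted input is concatenated into the template SOURCE.

    Any placeholder syntax ($name) inside the untrusted string is interpreted by
    the engine, so a user-supplied "$db_password" resolves against the render
    context instead of being shown as text (compare CVE-2018-20465 above).
    """
    template_source = "Welcome to $site, " + untrusted + "!"
    return Template(template_source).safe_substitute(CONTEXT)


def render_fixed(untrusted: str) -> str:
    """Mitigation: the template source is a constant; untrusted input is passed as DATA.

    The engine makes a single substitution pass and never re-parses substituted
    values, so "$db_password" supplied by the user is emitted literally.
    """
    return Template("Welcome to $site, $user!").safe_substitute(CONTEXT, user=untrusted)


# Placeholder syntax recognised by string.Template: $name, ${name}, or the $$ escape.
_PLACEHOLDER = re.compile(r"\$(?:\{?[_a-zA-Z][_a-zA-Z0-9]*\}?|\$)")


def contains_template_syntax(value: str) -> bool:
    """Defensive check for logging or alerting: does untrusted input carry placeholder syntax?

    Rendering the value as data (render_fixed) is already safe; this only flags
    inputs worth recording, e.g. to notice probing for template injection.
    """
    return _PLACEHOLDER.search(value) is not None


if __name__ == "__main__":
    probe = "$db_password"
    print("vulnerable:", render_vulnerable(probe))  # context value is disclosed
    print("fixed:     ", render_fixed(probe))       # placeholder text is echoed as-is
    print("flagged:   ", contains_template_syntax(probe))
```

The same split applies to Jinja2, Twig, FreeMarker and Velocity: the template source must be authored by the developer, and user input must reach the engine only through the context. Where the template source itself has to be user-controlled (the situation in CVE-2024-34359), the engine's restricted mode is the remaining control; for Jinja2 that is `jinja2.sandbox.SandboxedEnvironment`, which the Implementation-phase mitigation above refers to.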

Observed Examples

Reference: CVE-2024-34359

Chain: Python bindings for LLM library do not use a sandboxed environment when parsing a template and constructing a prompt, allowing jinja2 Server Side Template Injection and code execution - one variant of a "prompt injection" attack.

Reference: CVE-2017-16783

server-side template injection in content management server

Reference: CVE-2020-9437

authentication / identity management product has client-side template injection

Reference: CVE-2020-12790

Server-Side Template Injection using a Twig template

Reference: CVE-2021-21244

devops platform allows SSTI

Reference: CVE-2020-4027

bypass of Server-Side Template Injection protection mechanism with macros in Velocity templates

Reference: CVE-2020-26282

web browser proxy server allows Java EL expressions from Server-Side Template Injection

Reference: CVE-2020-1961

SSTI involving mail templates and JEXL expressions

Reference: CVE-2019-19999

product does not use a "safe" setting for a FreeMarker configuration, allowing SSTI

Reference: CVE-2018-20465

product allows read of sensitive database username/password variables using server-side template injection

Modes of Introduction

Phase: Architecture and Design

Note: The developer might choose a template engine that makes it easier for programmers to write vulnerable code.

Phase: Implementation

Note: The programmer might not use the engine's built-in sandboxes or other capabilities to escape or otherwise prevent template injection from untrusted input.

Applicable Platforms

Languages: Java (Undetermined), PHP (Undetermined), Python (Undetermined), JavaScript (Undetermined), Interpreted (Undetermined)

Operating Systems: Not OS-Specific (Undetermined)

Technologies: AI/ML (Undetermined), Client Server (Undetermined)
Key Information

CWE ID: CWE-1336

Abstraction: Base

Structure: Simple

Status: Incomplete

Related Weaknesses