CVE-2021-44657

Published
View on NVD ↗
CVSS v3
8.8
HIGH
CVSS v2
9
HIGH
Affected
2
PROJECTS

Description

In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default.

StackStorm/st2
StackStorm/st2
StackStorm (aka "IFTTT for Ops") is event-driven automation for auto-remediation, incident responses, troubleshooting, deployments, and more for DevOps and SREs. Includes rules engine, workflow, 160 integration packs with 6000+ actions (see https://exchange.stackstorm.org) and ChatOps. Installer at https://docs.stackstorm.com/install/index.html
GitHubGitHub
6.47K
pallets/jinja
pallets/jinja
A very fast and expressive template engine.
GitHubGitHub
11.7K