StackStorm/st2

GitHub

github.com

stackstorm.com

Releases72

Frequency1 month 3 weeks

Last Release 5 months ago

Stars6.47K

StackStorm (aka "IFTTT for Ops") is event-driven automation for auto-remediation, incident responses, troubleshooting, deployments, and more for DevOps and SREs. Includes rules engine, workflow, 160 integration packs with 6000+ actions (see https://exchange.stackstorm.org) and ChatOps. Installer at https://docs.stackstorm.com/install/index.html

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-44657 ↗	Dec 15, 2021Wednesday, 15 December 2021, 15:15	8.8 HIGH	9 HIGH
In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default.
CVE-2019-9580 ↗	Mar 9, 2019Saturday, 9 March 2019, 04:29	—	4.3 MEDIUM
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.