Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/06/09 12:1 a.m.11 views

CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...

8.5CVSS8.7AI score0.13746EPSS
Exploits6References1
OSV
OSV
added 2025/06/07 3:30 p.m.4 views

GHSA-H92G-3XC3-WW2R Skyvern has a Jinja runtime leak

Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py...

8.5CVSS7.1AI score0.13746EPSS
Exploits6References6
Github Security Blog
Github Security Blog
added 2025/06/07 3:30 p.m.9 views

Skyvern has a Jinja runtime leak

Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py...

8.5CVSS8.6AI score0.13746EPSS
Exploits6References6Affected Software1
NVD
NVD
added 2025/06/07 2:15 p.m.12 views

CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...

8.5CVSS0.13746EPSS
Exploits6References4
Cvelist
Cvelist
added 2025/06/07 12:0 a.m.25 views

CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...

8.5CVSS0.13746EPSS
Exploits6References3
Vulnrichment
Vulnrichment
added 2025/06/07 12:0 a.m.5 views

CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...

8.5CVSS8.7AI score0.13746EPSS
Exploits6References3
OSV
OSV
added 2025/06/07 12:0 a.m.6 views

CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...

8.5CVSS8.7AI score0.13746EPSS
Exploits6References6
CVE
CVE
added 2025/06/07 12:0 a.m.105 views

CVE-2025-49619

Skyvern is affected by a server-side template injection (SSTI) in the Prompt field of workflow blocks (notably Navigation v2). The root cause is improper sanitization of Jinja2 input, allowing an authenticated user to inject expressions that are evaluated server-side, leading to blind remote code...

8.5CVSS8.7AI score0.13746EPSS
In wildExploits6References4
Rows per page
Query Builder