8 matches found
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
GHSA-H92G-3XC3-WW2R Skyvern has a Jinja runtime leak
Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py...
Skyvern has a Jinja runtime leak
Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
CVE-2025-49619
Skyvern is affected by a server-side template injection (SSTI) in the Prompt field of workflow blocks (notably Navigation v2). The root cause is improper sanitization of Jinja2 input, allowing an authenticated user to inject expressions that are evaluated server-side, leading to blind remote code...