4 matches found
SGLang is vulnerable to remote code execution when rendering chat templates from a model file
Overview A remote code execution vulnerability has been discovered in the SGLang project, specifically in the reranking endpoint /v1/rerank. A CVE has been assigned to track the vulnerability; CVE-2026-5760. An attacker can create a malicious model for SGLang to achieve RCE. Successful exploitati...
Linux Distros Unpatched Vulnerability : CVE-2019-8341
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Jinja2 2.10. The fromstring function is prone to Server Side Template Injection SSTI where it takes the source parameter as a templat...
CVE-2025-3804 thautwarm vscode-diana Jinja2 Template Gen.py injection
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...
CVE-2024-29202 JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and...