4 matches found
Template Injection
Skyvern is vulnerable to template injection. The vulnerability is due to improper handling of Jinja templates in sdk/workflow/models/block.py, which allows unintended data to be exposed at runtime...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
PT-2025-24341
Name of the Vulnerable Software and Affected Versions: Skyvern versions 0.1.0 through 0.1.85. Description: The issue is related to a Jinja runtime leak in the sdk/workflow/models/block.py file. This leak can potentially be exploited, although specific details about real-world incidents or the...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...