Security Test: SSTI (Server-Side Template Injection)¶

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	Frontend Scanner

Description¶

Default Severity:

Server-Side Template Injection happens when an attacker gets control over a web page's template by injecting content that the server then processes. This usually occurs when user input is directly embedded into a template without proper validation or filtering. Because templates often include powerful built-in functions, if an attacker can control the template, they might even run system commands, access sensitive data, or execute unwanted operations on the server. Developers often fall into the trap of not sanitizing inputs properly or misconfiguring template engines, leaving the door open for serious risks like unauthorized data exposure or complete server compromise if the vulnerability is exploited.

Reference:

https://portswigger.net/web-security/server-side-template-injection

Configuration¶

Identifier: injection/ssti

Examples¶

All configuration available:

checks:
  injection/ssti:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API10:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`6.5.1`
GDPR	`Article-32`
SOC2	`CC1`
PSD2	`Article-95`
ISO 27001	`A.14.2`
NIST	`SP800-53`
FedRAMP	`AC-6`
CWE	`94`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C`
CVSS Score	`6.8`