{"detect":{"cwe":"CWE-1336","exploit_examples":["/basic/?greeting={{7*7}}","/basic/?greeting={{ config['VULNLAB_SSTI_BASIC'] }}"],"owasp":"A03:2021 \u2014 Injection (SSTI)","scanner_should_fire":true,"sinks":["flask.render_template_string(user_input)"],"subtype":"jinja2-render-template-string","success_markers":["49","VULNLAB{ssti-jinja2-template-string-rce}"],"tags":["jinja2","flask","render_template_string","rce-capable"]},"lab_url":"/basic/","sink":"flask.render_template_string","slug":"basic","source_url":"/source/basic","summary":"User input rendered as a Flask template. Full Jinja2 evaluation.","title":"Jinja2 SSTI (render_template_string)","vulnerable":true}