{"detect":{"cwe":"CWE-1336","exploit_examples":["/filtered/?greeting={{ config['VULNLAB_SSTI_FILTERED'] }}","/filtered/?greeting={{ ''|attr('__cl'+'ass__') }}"],"owasp":"A03:2021 \u2014 Injection (SSTI)","scanner_should_fire":true,"sinks":["render_template_string after substring deny-list"],"subtype":"jinja2-ssti-substring-blocklist-bypass","success_markers":["VULNLAB{ssti-jinja2-filtered-bypass}"],"tags":["jinja2","blocklist-bypass","|attr","string-concat"]},"lab_url":"/filtered/","sink":"flask.render_template_string (after substring blocklist)","slug":"filtered","source_url":"/source/filtered","summary":"The greeting parameter is passed to render_template_string after only a substring deny-list check. The deny-list is trivially bypassable, so it does not prevent template injection; the input should be supplied as a template variable, never rendered as template source.","title":"Jinja2 SSTI behind a substring blocklist","vulnerable":true}
