cve/2021/CVE-2021-44657.md

### [CVE-2021-44657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44657)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default.

### POC

#### Reference
- https://github.com/pallets/jinja/issues/549
- https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates/

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-44657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44657)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default.`

			`### POC`

			`#### Reference`
			`- https://github.com/pallets/jinja/issues/549`
			`- https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates/`

			`#### Github`
			`No PoCs found on GitHub currently.`