### [CVE-2019-8341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8341)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.

### POC

#### Reference
- https://www.exploit-db.com/exploits/46386/
- https://www.exploit-db.com/exploits/46386/

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/TesterCC/exp_poc_library
- https://github.com/adindrabkin/llama_facts
- https://github.com/vin01/bogus-cves