Injection

Server-Side Template Injection (SSTI)

Injecting malicious template directives to achieve remote code execution (RCE) on the server.

SSTI occurs when user input is embedded in a template processed by a server-side template engine (Jinja2, Handlebars, Pug, etc.) without proper escaping. Attackers inject template directives that the engine evaluates, which can execute arbitrary code. Severity ranges from data disclosure to full RCE.
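
The pattern described above, shown as an added example (not code from this glossary or from any project it describes) using Jinja2 with a harmless arithmetic probe: the vulnerable handlers build the template source from user input, the hardened one keeps the source fixed and passes the input as data. It assumes the `jinja2` package is installed; all function names are hypothetical.

```python
import html
from jinja2 import Environment

env = Environment(autoescape=True)

# Constructed sample input: a harmless arithmetic directive used as a probe.
PROBE = "{{ 7*7 }}"


def render_vulnerable(name: str) -> str:
    # BAD: user input becomes part of the template *source*, so the engine
    # parses and evaluates any directives it contains.
    return env.from_string("Hello " + name + "!").render()


def render_vulnerable_html_escaped(name: str) -> str:
    # STILL BAD: HTML escaping only rewrites & < > " ' and leaves the
    # template delimiters {{ }} intact, so the directive is still evaluated.
    return env.from_string("Hello " + html.escape(name) + "!").render()


def render_safe(name: str) -> str:
    # GOOD: the template source is a fixed string; user input is supplied
    # only as a context variable and is never parsed as template syntax.
    return env.from_string("Hello {{ name }}!").render(name=name)


def evaluates_input(render) -> bool:
    # Regression check for a test suite: the probe must come back verbatim.
    # If "49" appears instead, the input was evaluated by the engine.
    out = render(PROBE)
    return "49" in out and PROBE not in out


if __name__ == "__main__":
    for fn in (render_vulnerable, render_vulnerable_html_escaped, render_safe):
        print(f"{fn.__name__:32} -> {fn(PROBE)!r} evaluated={evaluates_input(fn)}")
```
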
