In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default.
References
Link | Resource |
---|---|
https://github.com/StackStorm/st2/pull/5359 | Patch Third Party Advisory |
https://github.com/pallets/jinja/issues/549 | Exploit Issue Tracking Third Party Advisory |
https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates/ | Exploit Third Party Advisory |
https://stackstorm.com/2021/12/16/stackstorm-v3-6-0-released/ | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-12-15T14:28:26
Updated: 2021-12-17T18:27:53
Reserved: 2021-12-06T00:00:00
Link: CVE-2021-44657
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-15T15:15:11.597
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-44657
JSON object: View
Redhat Information
No data.
CWE