SYM_GO_0001 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements Used in a Template Engine
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
User input is incorporated directly into the template string before it is parsed with html/template, so an attacker can inject template actions that are evaluated as code rather than treated as data. This can lead to execution of unintended actions on the server side.
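The following is an added example, not code from the Symbiotic-Vulnerability-Database project, that shows the defect beside its fix. `renderUnsafe` splices user input into the template source before `Parse`, so a constructed input such as `{{.Secret}}` is interpreted as a template action and reads a field from the data object. `renderSafe` keeps the template source as a fixed literal and passes the input as data at `Execute` time, where html/template escapes it contextually. The `Secret` field and all inputs are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// pageData is a constructed data object; the Secret field stands in for any
// server-side value the template has access to.
type pageData struct {
	Name   string
	Secret string
}

// renderUnsafe concatenates user input into the template text and then parses
// it. html/template only escapes data at execution time; it cannot tell that
// part of the template text came from a user, so {{ }} actions in the input
// are executed.
func renderUnsafe(name string) (string, error) {
	src := "<h1>Hello " + name + "</h1>" // user input becomes template code
	t, err := template.New("page").Parse(src)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, pageData{Name: name, Secret: "s3cr3t"}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// pageTmpl is parsed once from a fixed literal; user input never reaches Parse.
var pageTmpl = template.Must(template.New("page").Parse("<h1>Hello {{.Name}}</h1>"))

// renderSafe passes the input as data. Any {{ }} in it is plain text, and HTML
// metacharacters are escaped for the surrounding context.
func renderSafe(name string) (string, error) {
	var buf bytes.Buffer
	if err := pageTmpl.Execute(&buf, pageData{Name: name, Secret: "s3cr3t"}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	input := "{{.Secret}}" // constructed input containing a template action
	for _, f := range []struct {
		label string
		fn    func(string) (string, error)
	}{{"unsafe", renderUnsafe}, {"safe", renderSafe}} {
		out, err := f.fn(input)
		fmt.Printf("%-6s -> %q (err=%v)\n", f.label, out, err)
	}
}
```

The safe variant yields `<h1>Hello {{.Secret}}</h1>`: the action text survives as literal output because it was never parsed. A review check for this class of bug is to look for any `Parse`, `ParseFiles` or `New(...).Parse` call whose argument is built from request data; the template source should always be a constant or a file the application controls.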
Impact
If exploited, an attacker could execute arbitrary template code on the server, potentially exposing sensitive data reachable from the template's data object or registered functions, altering application behavior, or performing unauthorized actions. This could result in data breaches, privilege escalation, or complete compromise of the application.