What it is
This vulnerability arises when the application concatenates user input into a template string before handing it to the engine. Jinja2, Twig, FreeMarker, Velocity, ERB, and Handlebars all support expression syntax that most developers never intend to expose to untrusted input. An attacker probes with engine-specific fingerprints ({{7*7}}, ${7*7}, <%= 7*7 %>) and, once an expression is evaluated, walks the object graph the engine exposes.
Why it matters
Many template engines grant access to the host language's reflection primitives. From Jinja2, __mro__ and __subclasses__ reach the Python standard library; from FreeMarker, Runtime.getRuntime().exec() is a few hops away. The flaw is therefore not just a rendering bug: it is a common path to full RCE inside the application container.
Mitigation direction
Render user data; do not template it. Pass untrusted values as arguments to a pre-compiled template, never as template source. Where the engine offers a sandboxed mode, enable it, and strip dangerous builtins from the evaluation scope.
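The following is an added example, not code from the original page. It contrasts the vulnerable pattern (user input spliced into template source) with the two mitigations above (user input passed as data to a fixed template, and a restricted evaluation scope). To stay self-contained it uses Python's built-in str.format and string.Formatter as a stand-in template engine: str.format evaluates attribute lookups such as {0.__class__} inside the template source, which is enough to show the object-graph walk. The same shape applies to Jinja2 (Template(user_input) versus a fixed template's render(name=user_input), and SandboxedEnvironment for the restricted scope). The function and class names (render_unsafe, render_safe, RestrictedFormatter, render_sandboxed, sandbox_blocks) and the sample inputs are constructed for this example.

```python
import string

# Constructed sample inputs: a benign name and a probe that walks the object graph.
BENIGN = "Alice"
PROBE = "{0.__class__.__mro__}"


def render_unsafe(user_input: str) -> str:
    """Vulnerable pattern: untrusted input becomes part of the template *source*.

    The engine (str.format here) evaluates any expression syntax the input carries,
    so a probe like PROBE resolves attribute chains on the argument object.
    """
    template_source = "Hello, " + user_input + "!"
    return template_source.format(user_input)


def render_safe(user_input: str) -> str:
    """Mitigated pattern: the template source is fixed and pre-written by the developer;
    untrusted input is only ever a *value* bound to a placeholder, so braces in the
    input are rendered literally and never evaluated.
    """
    template_source = "Hello, {name}!"
    return template_source.format(name=user_input)


class RestrictedFormatter(string.Formatter):
    """Analogue of a sandboxed engine mode: refuse attribute and index traversal
    inside placeholders, so even a template built from untrusted text cannot walk
    from a value to its class, its MRO, or other reflection primitives.
    """

    def get_field(self, field_name, args, kwargs):
        if "." in field_name or "[" in field_name:
            raise ValueError(f"traversal not allowed in template field {field_name!r}")
        return super().get_field(field_name, args, kwargs)


def render_sandboxed(template_source: str, *args, **kwargs) -> str:
    """Render with the restricted formatter; plain placeholders still work."""
    return RestrictedFormatter().format(template_source, *args, **kwargs)


def sandbox_blocks(template_source: str, *args, **kwargs) -> bool:
    """Return True when the restricted formatter rejects the template, False when it renders."""
    try:
        render_sandboxed(template_source, *args, **kwargs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe, benign:   ", render_unsafe(BENIGN))
    print("unsafe, probe:    ", render_unsafe(PROBE))      # leaks the class hierarchy
    print("safe, probe:      ", render_safe(PROBE))        # braces rendered literally
    print("sandboxed, value: ", render_sandboxed("Hello, {name}!", name=BENIGN))
    print("sandbox blocks probe:", sandbox_blocks("Hello, {0.__class__}!", BENIGN))
```

The second and third lines of output make the distinction concrete: the same engine, given the same probe, either reveals the object graph or prints the braces back verbatim, and the only difference is whether the input reached the engine as source or as data. The restricted formatter is defense in depth for cases where template text genuinely must be user-supplied; the primary control remains keeping untrusted input out of the source.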