CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).

Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py.

Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py.

Skyvern, hasta la versión 0.1.85, es vulnerable a server-side template injection (SSTI) en el campo Prompt de bloques de flujo de trabajo, como el bloque Navigation v2. La depuración incorrecta de la entrada de plantilla de Jinja2 permite a los usuarios autenticados inyectar expresiones manipuladas que se evalúan en el servidor, lo que provoca la ejecución remota de código (RCE) a ciegas.