Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2021-4315
CVE-2021-4315:
Python vulnerability analysis and mitigation
Overview
CVE-2021-4315 affects the psiturk/experiment.py file in PsiTurk, where a Server-Side Template Injection (SSTI) vulnerability was discovered in the ad and consent pages. The vulnerability was identified and reported by a whitehat security researcher and was fixed in version 3.2.1 (GitHub Release).
Technical details
The vulnerability allowed users to pass arbitrary Python code to be executed on the server through the 'mode' HTTP argument in the advertisement and consent pages. The issue was related to unsafe template string handling in the insert_mode function, which directly inserted user-controlled input into template strings (GitHub PR).
Impact
This vulnerability could allow attackers to execute arbitrary Python code on the server through template injection, potentially leading to unauthorized access to server files and system commands (GitHub PR).
Mitigation and workarounds
The issue was fixed in PsiTurk version 3.2.1 by modifying the template handling mechanism to properly escape the mode parameter. Users should upgrade to version 3.2.1 or later to receive the security fix (GitHub Release).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management