http.sh/docs/sec-fixes/2025-02-24_template.md

2025-02-24 Template injection leading to RCE

Between commits 4e6c5c0ba3 (2024-07-17) and 89c2850428 (2025-02-24), template.sh included a code path which allowed an attacker to inject the delimeter (\x02) into a rendered value, which coupled with using the e sed filter could lead to remote code execution.

This vulnerability could only be triggered in apps using the subtemplate feature. It arose due to an inconsistency with input sanitization between including a raw value and including a raw value while recursing.