1 files changed, 32 insertions, 0 deletions

diff --git a/doc/user/application_security/dast/checks/1336.1.md b/doc/user/application_security/dast/checks/1336.1.md
new file mode 100644
index 00000000000..f5a5d1eac4b
--- /dev/null
+++ b/doc/user/application_security/dast/checks/1336.1.md
@@ -0,0 +1,32 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Server-Side Template Injection
+
+## Description
+
+The application is vulnerable to Server-Side Template Injection (SSTI), which enables attackers to
+manipulate templates on the server side. This vulnerability arises when untrusted user input is
+directly used in server-side templates without adequate sanitization. Attackers can exploit this
+weakness to inject and execute arbitrary code in templates, potentially compromising the
+system's integrity and confidentiality.
+
+## Remediation
+
+User-controlled data should always have special elements neutralized when used as part of
+constructing Expression Language statements. Please consult the documentation for the template
+system in use on how properly neutralize user-controlled data.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 1336.1 | false | 1336 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/1336.html)
+- [Testing for Server-side Template Injection](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-side_Template_Injection)