In a recent CTF (DiceCTF), a vulnerability was discovered that allowed for bypassing a WAF using ejs template injection. This technique involves setting instructions to AI prompt to inject ejs templates, bypassing the WAF's protection mechanisms. The implications of this bypass can potentially lead to code injection attacks. It is important for organizations using WAF to be aware of this vulnerability and take necessary precautions to prevent such bypasses.
For more details, check out the original tweet here: