Like every other injection flaw, SSTI falls under the Injection category of the OWASP Top 10 and threatens web applications on a daily basis. SSTI occurs when user input containing template directives is embedded unsafely into a template that the server then renders, so the engine parses the attacker's input as code rather than as data. The effect can be catastrophic, especially when remote code execution (RCE) is possible.
In the following short video, we can see how a server-side template injection occurs in a Flask application using the Jinja2 template engine. The proof of concept was made inside a CTF challenge, so only the flag is shown and no RCE is allowed. In real-life systems, other data may be exposed, endangering the company's assets.
The risk of accepting template directives, and thus of a server-side template injection attack, can be mitigated by rendering templates within a sandboxed environment, by never building templates from user input fields (user data should be passed to a fixed template as a variable instead), and by checking the template engine's documentation for specific patches and advice on hardening that engine. Note that a sandbox limits what an injected directive can reach but does not stop the input from being parsed and evaluated, so it is a second line of defence rather than a substitute for keeping user input out of the template source.
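The following is an added example, not code from the original page or from the CTF challenge, showing the vulnerable pattern in Jinja2 next to the two mitigations described above. It uses Jinja2 directly (Flask's render_template_string() wraps the same Environment.from_string() call) and assumes the jinja2 package is installed; the probe strings ARITH and CLASS_WALK and the helper names are constructed for this illustration.

```python
"""Added example (not from the original page): the SSTI pattern in Jinja2
beside two mitigations. Flask's render_template_string() wraps the same
Environment.from_string() call, so a Flask view sees the same behaviour.
Requires the jinja2 package."""
import re

from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed probe inputs. ARITH is the classic detection probe: if "49"
# comes back, the input was parsed as a template. CLASS_WALK is the kind of
# class-walking payload used to reach dangerous objects from a Jinja2 context.
ARITH = "{{ 7*7 }}"
CLASS_WALK = "{{ ''.__class__.__mro__[1].__subclasses__() }}"


def render_vulnerable(user_input: str) -> str:
    """The bug: the template *source* is built from user input, so any
    directive in it is compiled and executed by the engine."""
    env = Environment()
    return env.from_string("Hello " + user_input).render()


def render_fixed(user_input: str) -> str:
    """Mitigation 1: the template is a fixed string and user data is passed
    as a variable, so it is only ever treated as a value, never parsed.
    autoescape=True also covers the XSS side of the same sink."""
    env = Environment(autoescape=True)
    return env.from_string("Hello {{ name }}").render(name=user_input)


def render_sandboxed(template_src: str) -> str:
    """Mitigation 2, for the rare case where the template itself must be
    user-supplied: SandboxedEnvironment refuses unsafe attribute access
    (underscore-prefixed names such as __class__) and raises SecurityError.
    Note that plain expressions such as {{ 7*7 }} are still evaluated."""
    env = SandboxedEnvironment()
    try:
        return env.from_string(template_src).render()
    except SecurityError as exc:
        return f"blocked: {exc}"


# Detection check for logging or WAF rules (hypothetical helper): does the
# input contain the delimiters Jinja2 and several other engines use for
# directives?
_DIRECTIVE = re.compile(r"\{\{|\{%|\{#|\$\{|<%")


def looks_like_directive(user_input: str) -> bool:
    return _DIRECTIVE.search(user_input) is not None


if __name__ == "__main__":
    print(render_vulnerable(ARITH))           # Hello 49
    print(render_fixed(ARITH))                # Hello {{ 7*7 }}
    print(render_sandboxed(ARITH))            # 49 (sandbox still evaluates)
    print(render_sandboxed(CLASS_WALK)[:60])  # blocked: access to attribute ...
```

Running the probe against each renderer makes the difference concrete: the vulnerable path returns the evaluated result, the fixed path echoes the input literally, and the sandbox stops the class-walking payload but still evaluates arithmetic, which is why it is listed as a secondary control.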