Submission #797641: pyspur-dev pyspur <= 0.1.18 Server-Side Template Injection (SSTI) (CWE-1336)

Information

Title: pyspur-dev pyspur <= 0.1.18 Server-Side Template Injection (SSTI) (CWE-1336)
Description:

# Technical Details

A Server-Side Template Injection (SSTI) exists in the `apply_template` method in `backend/pyspur/rag/chunker.py` and `backend/pyspur/nodes/subworkflow/base_subworkflow_node.py` of pyspur. The application fails to sandbox Jinja2 templates, evaluating raw `jinja2.Template()` without a `SandboxedEnvironment`.

# Vulnerable Code

File: backend/pyspur/rag/chunker.py
Method: apply_template
Why: Without wrapping the template engine in a SandboxedEnvironment, Jinja2 exposes its native global namespace to the evaluation context. An attacker can use standard Jinja2 built-in functions, such as `lipsum`, to traverse object attributes to reach the `__globals__` dictionary and execute system commands.

# Reproduction

1. Construct and send a POST request to `/api/rag/collections/preview_chunk/`.
2. Provide a payload using `{{ lipsum.__globals__['os'].popen('commands').read() }}` in the `chunking_config` JSON.
3. The server renders the Jinja2 template and executes the OS command.

# Impact

- Remote Code Execution (RCE) on the underlying server.
- Exfiltration of sensitive API keys and environment variables.
Source: https://gist.github.com/YLChen-007/6fd98811ed9a6ad23d1d67e297d143a7
User: Eric-b (UID 96354)
Submitted: 06/04/2026 05:44 AM (22 days ago)
Moderation: 25/04/2026 03:49 PM (19 days later)
Status: Duplicate
VulDB Entry: 313638 [PySpur-Dev pyspur up to 0.1.18 Jinja2 Template single_llm_call.py SingleLLMCallNode user_message privilege escalation]
Points: 0
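The submission's root cause is the rendering pattern (raw `jinja2.Template()` instead of a `SandboxedEnvironment`), so the following added example, which is not pyspur's code nor the submitter's, puts that vulnerable pattern beside a sandboxed replacement and checks that the sandbox rejects the same `lipsum.__globals__` attribute traversal the report relies on. The function names `apply_template_unsafe`, `apply_template_sandboxed` and `traversal_is_blocked` are hypothetical; the probe template is constructed here and only resolves the `os` module's name, it executes nothing. It assumes the `jinja2` package is installed.

```python
"""Unsandboxed vs. sandboxed Jinja2 rendering (added example, not pyspur code)."""
from jinja2 import Template
from jinja2.sandbox import SandboxedEnvironment, SecurityError

# Constructed probe: same traversal prefix as the report's payload, but it stops
# at the `os` module object's name. Rendered without a sandbox it proves the
# object graph is reachable; a correct sandbox must refuse the `__globals__` step.
PROBE = "{{ lipsum.__globals__['os'].__name__ }}"


def apply_template_unsafe(template_str: str, **context) -> str:
    # The vulnerable pattern named in the report: a bare jinja2.Template() renders
    # with Jinja2's full Python object graph reachable through built-ins like `lipsum`.
    return Template(template_str).render(**context)


# One shared environment; SandboxedEnvironment is the hardening the report asks for.
_SANDBOX = SandboxedEnvironment()


def apply_template_sandboxed(template_str: str, **context) -> str:
    # SandboxedEnvironment marks attributes that start with an underscore (so
    # `__globals__`) and internal attributes as unsafe, returning an Undefined
    # that raises SecurityError as soon as the template tries to use it.
    return _SANDBOX.from_string(template_str).render(**context)


def traversal_is_blocked(template_str: str = PROBE) -> bool:
    """True if the sandboxed renderer rejects the template with SecurityError."""
    try:
        apply_template_sandboxed(template_str)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    # Unsandboxed: the traversal reaches the os module and prints its name.
    print("unsandboxed renders:", apply_template_unsafe(PROBE))
    # Sandboxed: the same template is refused with SecurityError.
    print("sandbox blocks traversal:", traversal_is_blocked())
    # Ordinary variable substitution, which is all a chunking template needs, still works.
    print("sandboxed benign template:", apply_template_sandboxed("Hello {{ name }}", name="chunk"))
```

A detection-side reading of the same check: any template submitted to an endpoint like `preview_chunk` that makes the sandboxed renderer raise `SecurityError` is, by definition, attempting something outside the variable-substitution the feature exists for, so logging that exception with the request's identity is a cheap, high-signal alert.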
