| Field | Value |
|---|---|
| Title | pyspur-dev pyspur <= 0.1.18 Server-Side Template Injection (SSTI) (CWE-1336) |
| Source | https://gist.github.com/YLChen-007/6fd98811ed9a6ad23d1d67e297d143a7 |
| User | Eric-b (UID 96354) |
| Submission | 06.04.2026 05:44 (22 days ago) |
| Moderation | 25.04.2026 15:49 (19 days later) |
| Status | Duplicate |
| VulDB Entry | 313638 [PySpur-Dev pyspur up to 0.1.18 Jinja2 Template single_llm_call.py SingleLLMCallNode user_message privilege escalation] |
| Points | 0 |

# Description

## Technical Details

A Server-Side Template Injection (SSTI) exists in the `apply_template` method in `backend/pyspur/rag/chunker.py` and `backend/pyspur/nodes/subworkflow/base_subworkflow_node.py` of pyspur. The application does not sandbox Jinja2 templates: it evaluates a raw `jinja2.Template()` instead of rendering through a `SandboxedEnvironment`.

## Vulnerable Code

- File: `backend/pyspur/rag/chunker.py`
- Method: `apply_template`
- Why: Without wrapping the template engine in a `SandboxedEnvironment`, Jinja2 exposes its native global namespace to the evaluation context. An attacker can use standard Jinja2 built-in functions, such as `lipsum`, to traverse object attributes, reach the `__globals__` dictionary and execute system commands.

## Reproduction

1. Construct and send a POST request to `/api/rag/collections/preview_chunk/`.
2. Provide a payload using `{{ lipsum.__globals__['os'].popen('commands').read() }}` in the `chunking_config` JSON.
3. The server renders the Jinja2 template and executes the OS command.

## Impact

- Remote Code Execution (RCE) on the underlying server.
- Exfiltration of sensitive API keys and environment variables.
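The pattern the description calls out, a raw `jinja2.Template()` rendered with user-controlled template text, next to the hardened form that renders through a sandboxed environment. This is an added example written for this page, not pyspur's own code; it assumes the `jinja2` package is installed, and the function names (`render_unsandboxed`, `render_sandboxed`, `sandbox_blocks`) and the sample chunk context are constructed for the illustration.

```python
"""Unsandboxed vs. sandboxed Jinja2 rendering of a user-supplied template.

Added example, not pyspur's code. Assumes the jinja2 package is installed.
Function names and the sample context below are constructed for illustration.
"""
from jinja2 import StrictUndefined, Template
from jinja2.exceptions import SecurityError
from jinja2.sandbox import ImmutableSandboxedEnvironment

# Constructed sample context, standing in for the chunk data that an
# apply_template-style method would hand to the template.
SAMPLE_CONTEXT = {"text": "first chunk of a document", "index": 3}


def render_unsandboxed(template_src: str, context: dict) -> str:
    """The vulnerable pattern: a bare Template object.

    Its evaluation context carries Jinja2's default globals (range, lipsum,
    dict, ...) and places no restriction on attribute access, so a template
    string may walk from any global into its __globals__ dictionary.
    """
    return Template(template_src).render(**context)


# Hardened environment: the sandbox rejects attributes that start with an
# underscore (__globals__, __class__, ...) and unsafe callables. StrictUndefined
# makes such a rejected lookup raise SecurityError when it is output, instead of
# silently rendering as an empty string as the default Undefined would.
_SANDBOX = ImmutableSandboxedEnvironment(undefined=StrictUndefined, autoescape=False)


def render_sandboxed(template_src: str, context: dict) -> str:
    """Render the same template text through the sandbox."""
    return _SANDBOX.from_string(template_src).render(**context)


def sandbox_blocks(template_src: str, context: dict) -> bool:
    """True if the sandbox refuses a template the raw engine would evaluate."""
    try:
        render_sandboxed(template_src, context)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    benign = "chunk {{ index }}: {{ text | upper }}"
    probe = "{{ lipsum.__globals__ }}"  # reaches a function's globals, nothing more
    print("benign, sandboxed :", render_sandboxed(benign, SAMPLE_CONTEXT))
    print("probe, unsandboxed:", "exposes a dict" if render_unsandboxed(
        "{{ lipsum.__globals__ is mapping }}", SAMPLE_CONTEXT) == "True" else "hidden")
    print("probe, sandboxed  :", "blocked" if sandbox_blocks(probe, SAMPLE_CONTEXT) else "allowed")
```

The sandbox leaves ordinary templates untouched (variables, filters such as `upper`, loops) and only refuses the attribute traversal the report relies on. Two caveats a maintainer should weigh: `StrictUndefined` also raises on a plain missing variable, so templates built from configuration need every referenced name supplied; and a sandbox limits what a template can reach but does not make rendering attacker-chosen template text risk-free, so the surface in both files named by the report should additionally be reviewed for whether untrusted input needs to be template syntax at all.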