SpaCy-LLM Server-Side Template Injection Vulnerability Allowing Remote Code Execution

A Server-Side Template Injection (SSTI) vulnerability has been identified in SpaCy-LLM version 0.7.2. This vulnerability allows attackers to execute arbitrary code by injecting a crafted payload into the template field. The issue arises from the use of vulnerable functions in the Jinja2 template engine, which the SpaCy-LLM package relies on to generate prompts for large language models (LLMs). When the template is processed, the injected code can be executed on the server, leading to potential unauthorized access or control over the system.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where SpaCy-LLM is running. This could lead to unauthorized access, data exfiltration, or complete compromise of the server.

Reproduction

To reproduce this vulnerability, install SpaCy-LLM version 0.7.2 and load the 'en_core_web_sm' model. Create a configuration for the LLM pipeline that includes a malicious payload in the template field. When the pipeline processes a document, the injected code will be executed, demonstrating the vulnerability.

Remediation

Users are advised to update SpaCy-LLM to version 0.7.3 or later, where this vulnerability has been patched.