Jinja2
cpe:2.3:a:pocoo:jinja2:*:*:*:*:*:*:*
- 0.0.1
A critical server-side template injection vulnerability has been identified in thautwarm vscode-diana version 0.0.1. It affects an unknown function in the file Gen.py that is part of the Jinja2 template handler. The flaw allows injection attacks, and exploitation must be performed locally. It has been publicly disclosed and could be actively exploited.
Exploitation of this vulnerability allows for server-side template injection, where an attacker can inject malicious Jinja2 expressions that execute arbitrary Python code on the server. This could lead to data leakage, remote code execution, or disruption of normal system operations.
To reproduce this vulnerability, an attacker must create or modify a file with the '.in' suffix in the directory processed by the vulnerable application. The file must contain malicious Jinja2 expressions, such as one designed to read sensitive system files like '/etc/passwd' on Unix-like systems. Once the file is in place, the application will read and render the template, executing the injected code and potentially leaking sensitive information or executing arbitrary commands on the server.
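A defender-side check for the condition described above, as an added example (not code from vscode-diana or from this advisory): it walks a directory for `.in` files and flags Jinja2 tags that reach underscore-prefixed attributes, the names Jinja2's `SandboxedEnvironment` treats as unsafe. The function names and the two sample templates are constructed for illustration, and the scan assumes Jinja2's default delimiters.

```python
import re
import tempfile
from pathlib import Path

# Jinja2 expression ({{ ... }}) and statement ({% ... %}) blocks.
TAG = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)
# Underscore-prefixed attribute, string subscript, or attr() filter argument:
# names that Jinja2's SandboxedEnvironment treats as unsafe attributes.
UNSAFE = re.compile(r"""\.\s*_\w*|\[\s*['"]_\w*['"]\s*\]|attr\s*\(\s*['"]_""")


def audit_template(text):
    """Return (line_number, tag) for each tag that touches a private attribute."""
    hits = []
    for m in TAG.finditer(text):
        if UNSAFE.search(m.group(0)):
            hits.append((text.count("\n", 0, m.start()) + 1, m.group(0)))
    return hits


def audit_tree(root):
    """Scan every *.in file under root; map relative path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob("*.in")):
        hits = audit_template(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


def demo():
    """Run the audit over two constructed templates in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "ok.in").write_text("class {{ name }}:\n    pass\n")
        Path(d, "bad.in").write_text("# header\nvalue = {{ cfg.__class__ }}\n")
        return audit_tree(d)


if __name__ == "__main__":
    for name, hits in demo().items():
        for line, tag in hits:
            print(f"{name}:{line}: {tag}")
```

This is a heuristic review aid for files an application is about to render; rendering untrusted templates through `jinja2.sandbox.SandboxedEnvironment` is the control that actually blocks such attribute access.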