datapizza-labs datapizza-ai Server-Side Template Injection Vulnerability Allowing Remote Command Execution
Vulnerability
A critical server-side template injection vulnerability has been identified in datapizza-labs datapizza-ai version 0.0.2. The issue arises in the ChatPromptTemplate function within the Jinja2 Template Handler component, specifically in the file datapizza-ai-core/datapizza/modules/prompt/prompt.py. This vulnerability allows for improper neutralization of special elements used in the template engine, enabling remote command execution on the server host.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the server, with the potential for a complete takeover of the host system.
Reproduction
The vulnerability can be reproduced by creating a Python file that imports the ChatPromptTemplate class from the datapizza.modules.prompt module. After setting up a virtual environment and installing datapizza-ai version 0.0.2, the file can be executed. The proof-of-concept code demonstrates how to inject commands into the user_prompt_template and retrieval_prompt_template arguments, which are then executed on the server.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.