Banks Server-Side Template Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A server-side template injection vulnerability has been identified in Banks versions through 2.4.1. This issue arises because the application uses an unsandboxed Jinja2 environment to render prompt templates. When user-supplied strings are passed as template arguments, this vulnerability can be exploited, leading to remote code execution on the host system. The vulnerability is present in applications that allow users to customize prompt templates, such as those storing templates in a database or loading them from user-supplied configuration files.

Impact

Exploitation of this vulnerability allows for full remote code execution on the host system, including arbitrary command execution, data exfiltration, and server compromise.

Reproduction

To reproduce this vulnerability, first install Banks version 2.4.1. Then, create a Python script that imports the Prompt class from the Banks library. Construct a payload that exploits the server-side template injection vulnerability by accessing the global builtins and executing a command, such as 'id', using the 'os' module. Pass this payload as a template argument to the Prompt() function. When the text() method is called on the Prompt object, the injected command will be executed on the host system, demonstrating the remote code execution vulnerability.

Remediation

Users of Banks should upgrade to version 2.4.2, which addresses the vulnerability by switching to a sandboxed Jinja2 environment that blocks the exploitation vector. Developers should also avoid passing untrusted user input as template arguments to the Prompt() function.

Added: May 26, 2026, 9:57 PM
Updated: May 26, 2026, 9:57 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.