Bagofwords Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Bagofwords application, specifically in versions through 0.0.297. The issue arises in the 'generate_df' function within 'backend/app/ai/code_execution/code_execution.py'. This vulnerability allows for prompt injection attacks, where an attacker can manipulate the output of a language model (LLM) to execute arbitrary system commands on the server. The lack of input sanitization and inadequate sandboxing of the execution environment are the root causes of this vulnerability.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server, potentially leading to complete control over the server environment.

Reproduction

To reproduce this vulnerability, configure the LLM in the 'Settings\LLM' menu and add a data source. Then, ask the LLM a question about the data source, instructing it to generate a 'generate_df' function. Include a command, such as 'touch /tmp/success', embedded within the prompt. The LLM will execute the command on the server when the generated function is processed.

Remediation

Users are advised to upgrade to Bagofwords version 0.0.298, which addresses this vulnerability by adding safeguards around code execution and implementing automatic code validation. The updated version is available on the Bagofwords GitHub Releases page.