The bug class crosses languages. This week you reproduce CVE-2025-9556 (Gonja SSTI in Go) and show that defending the Python flavour leaves the Go flavour exposed unless the same defence applies.
Reading
- The CVE-2025-9556 advisory (link in cohort archive).
- Gonja upstream README and the patch commit.
- AI-201 Module on cross-language agentic vulnerabilities (your cohort archive).
- Optional: Eta (JavaScript) and FreeMarker (Java) brief reading for the cross-language sweep.
Lecture
Roughly three hours across two sessions. Key arc:
- Gonja: the Go port of Jinja2-like templating. Why it inherited the same surface.
- CVE-2025-9556 in one slide: identifier, affected versions, patched version.
- Reproducing in Go. Different language, same shape.
- The cross-language SSTI mapping. Jinja2 plus Gonja plus Eta (JavaScript) plus FreeMarker (Java).
- Why generalisation matters for the capstone report and for industry practice.
Lab pack
Lab Pack 7 reproduces CVE-2025-9556 and produces the cross-language mapping. See Lab Pack 7.
Tools you will use
- Go 1.21+ installed locally.
- The cohort-pinned vulnerable Gonja version per lab-7/go.mod.
- Your Module-4 Python reproduction harness for side-by-side comparison.
OWASP LLM and ASI anchor
The cross-language mapping shows that LLM01 (Prompt Injection) is a language-agnostic class. The capstone report's cross-language section uses the same mapping format.
Reflection prompts
- Name three structural similarities between the Jinja2 patch and the Gonja patch.
- Name three structural differences.
- If you were designing a strict-mode templating library today, what would you copy from one and reject from the other?
What is next
Module 8 walks the coordinated-disclosure timeline. You produce the report-shaped artefact a fictional vendor would actually act on.