Skip to content

Insecure Jinja2 templates rendered in Haystack Components can lead to RCE

Low
silvanocerza published GHSA-hx9v-6r9f-w677 Jul 31, 2024

Package

pip haystack-ai (pip)

Affected versions

<=2.3.0

Patched versions

>=2.3.1

Description

Impact

Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions.

Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code.

Patches

The problem has been fixed with PRs #8095 and #8096.

Both have been released with Haystack 2.3.1.

Workarounds

Prevent users from running the affected Components, or only let users use preselected templates.

References

The list of impacted Components can be found in the release notes for 2.3.1.
https://github.com/deepset-ai/haystack/releases/tag/v2.3.1

Severity

Low

CVE ID

CVE-2024-41950

Weaknesses

No CWEs