CVE-2024-41950 (GCVE-0-2024-41950)

Vulnerability from cvelistv5 – Published: 2024-07-31 15:50 – Updated: 2024-07-31 16:20
VLAI?
Summary
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. The vulnerability has been fixed with Haystack `2.3.1`.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
Impacted products
Vendor Product Version
deepset-ai haystack Affected: < 2.3.1
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:deepset:haystack:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "haystack",
            "vendor": "deepset",
            "versions": [
              {
                "lessThan": "2.3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T16:19:06.696483Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-31T16:20:20.326Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "haystack",
          "vendor": "deepset-ai",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. The vulnerability has been fixed with Haystack `2.3.1`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1336",
              "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-31T15:50:59.837Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677"
        },
        {
          "name": "https://github.com/deepset-ai/haystack/pull/8095",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/deepset-ai/haystack/pull/8095"
        },
        {
          "name": "https://github.com/deepset-ai/haystack/pull/8096",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/deepset-ai/haystack/pull/8096"
        },
        {
          "name": "https://github.com/deepset-ai/haystack/commit/3fed1366c448b02189851bf08166c1f6477a02b0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/deepset-ai/haystack/commit/3fed1366c448b02189851bf08166c1f6477a02b0"
        },
        {
          "name": "https://github.com/deepset-ai/haystack/commit/6c25a5c73e83aa32c3241ba84a5cbb3ac0e8a89e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/deepset-ai/haystack/commit/6c25a5c73e83aa32c3241ba84a5cbb3ac0e8a89e"
        },
        {
          "name": "https://github.com/deepset-ai/haystack/releases/tag/v2.3.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/deepset-ai/haystack/releases/tag/v2.3.1"
        }
      ],
      "source": {
        "advisory": "GHSA-hx9v-6r9f-w677",
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Jinja2 templates rendered in Haystack Components can lead to RCE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-41950",
    "datePublished": "2024-07-31T15:50:59.837Z",
    "dateReserved": "2024-07-24T16:51:40.949Z",
    "dateUpdated": "2024-07-31T16:20:20.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. The vulnerability has been fixed with Haystack `2.3.1`.\"}, {\"lang\": \"es\", \"value\": \"Haystack es un framework LLM de un extremo a otro que le permite crear aplicaciones impulsadas por LLM, modelos Transformer, b\\u00fasqueda vectorial y m\\u00e1s. Los clientes Haystack que permiten a sus usuarios crear y ejecutar Pipelines desde cero son vulnerables a ejecuciones remotas de c\\u00f3digo. Ciertos componentes en Haystack usan plantillas Jinja2, si alguien puede crear y representar esa plantilla en la m\\u00e1quina cliente, ejecuta cualquier c\\u00f3digo. La vulnerabilidad se ha solucionado con Haystack `2.3.1`.\"}]",
      "id": "CVE-2024-41950",
      "lastModified": "2024-08-01T12:42:36.933",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}]}",
      "published": "2024-07-31T16:15:04.797",
      "references": "[{\"url\": \"https://github.com/deepset-ai/haystack/commit/3fed1366c448b02189851bf08166c1f6477a02b0\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/deepset-ai/haystack/commit/6c25a5c73e83aa32c3241ba84a5cbb3ac0e8a89e\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/deepset-ai/haystack/pull/8095\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/deepset-ai/haystack/pull/8096\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/deepset-ai/haystack/releases/tag/v2.3.1\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677\", \"source\": \"security-advisories@github.com\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1336\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-41950\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-07-31T16:15:04.797\",\"lastModified\":\"2024-08-01T12:42:36.933\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. The vulnerability has been fixed with Haystack `2.3.1`.\"},{\"lang\":\"es\",\"value\":\"Haystack es un framework LLM de un extremo a otro que le permite crear aplicaciones impulsadas por LLM, modelos Transformer, b\u00fasqueda vectorial y m\u00e1s. Los clientes Haystack que permiten a sus usuarios crear y ejecutar Pipelines desde cero son vulnerables a ejecuciones remotas de c\u00f3digo. Ciertos componentes en Haystack usan plantillas Jinja2, si alguien puede crear y representar esa plantilla en la m\u00e1quina cliente, ejecuta cualquier c\u00f3digo. La vulnerabilidad se ha solucionado con Haystack `2.3.1`.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1336\"}]}],\"references\":[{\"url\":\"https://github.com/deepset-ai/haystack/commit/3fed1366c448b02189851bf08166c1f6477a02b0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/deepset-ai/haystack/commit/6c25a5c73e83aa32c3241ba84a5cbb3ac0e8a89e\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/deepset-ai/haystack/pull/8095\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/deepset-ai/haystack/pull/8096\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/deepset-ai/haystack/releases/tag/v2.3.1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-41950\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-31T16:19:06.696483Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:deepset:haystack:*:*:*:*:*:*:*:*\"], \"vendor\": \"deepset\", \"product\": \"haystack\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.3.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-31T16:20:13.870Z\"}}], \"cna\": {\"title\": \"Insecure Jinja2 templates rendered in Haystack Components can lead to RCE\", \"source\": {\"advisory\": \"GHSA-hx9v-6r9f-w677\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"deepset-ai\", \"product\": \"haystack\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.3.1\"}]}], \"references\": [{\"url\": \"https://github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677\", \"name\": \"https://github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/deepset-ai/haystack/pull/8095\", \"name\": \"https://github.com/deepset-ai/haystack/pull/8095\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/deepset-ai/haystack/pull/8096\", \"name\": \"https://github.com/deepset-ai/haystack/pull/8096\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/deepset-ai/haystack/commit/3fed1366c448b02189851bf08166c1f6477a02b0\", \"name\": \"https://github.com/deepset-ai/haystack/commit/3fed1366c448b02189851bf08166c1f6477a02b0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/deepset-ai/haystack/commit/6c25a5c73e83aa32c3241ba84a5cbb3ac0e8a89e\", \"name\": \"https://github.com/deepset-ai/haystack/commit/6c25a5c73e83aa32c3241ba84a5cbb3ac0e8a89e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/deepset-ai/haystack/releases/tag/v2.3.1\", \"name\": \"https://github.com/deepset-ai/haystack/releases/tag/v2.3.1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. The vulnerability has been fixed with Haystack `2.3.1`.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1336\", \"description\": \"CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-31T15:50:59.837Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-41950\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-31T16:20:20.326Z\", \"dateReserved\": \"2024-07-24T16:51:40.949Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-07-31T15:50:59.837Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.