GHSA-HX9V-6R9F-W677

Vulnerability from github – Published: 2024-07-31 18:50 – Updated: 2024-07-31 18:50
VLAI?
Summary
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Details

Impact

Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions.

Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code.

Patches

The problem has been fixed with PRs deepset-ai/haystack#8095 and deepset-ai/haystack#8096.

Both have been released with Haystack 2.3.1.

Workarounds

Prevent users from running the affected Components, or only let users use preselected templates.

References

The list of impacted Components can be found in the release notes for 2.3.1. https://github.com/deepset-ai/haystack/releases/tag/v2.3.1

Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.7 (High)
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "haystack-ai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-41950"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-31T18:50:41Z",
    "nvd_published_at": "2024-07-31T16:15:04Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nHaystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions.\n\nCertain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code.\n\n### Patches\n\nThe problem has been fixed with PRs deepset-ai/haystack#8095 and deepset-ai/haystack#8096.\n\nBoth have been released with Haystack `2.3.1`.\n\n### Workarounds\n\nPrevent users from running the affected Components, or only let users use preselected templates.\n\n### References\n\nThe list of impacted Components can be found in the release notes for `2.3.1`.\nhttps://github.com/deepset-ai/haystack/releases/tag/v2.3.1",
  "id": "GHSA-hx9v-6r9f-w677",
  "modified": "2024-07-31T18:50:41Z",
  "published": "2024-07-31T18:50:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41950"
    },
    {
      "type": "WEB",
      "url": "https://github.com/deepset-ai/haystack/pull/8095"
    },
    {
      "type": "WEB",
      "url": "https://github.com/deepset-ai/haystack/pull/8096"
    },
    {
      "type": "WEB",
      "url": "https://github.com/deepset-ai/haystack/commit/3fed1366c448b02189851bf08166c1f6477a02b0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/deepset-ai/haystack/commit/6c25a5c73e83aa32c3241ba84a5cbb3ac0e8a89e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/deepset-ai/haystack"
    },
    {
      "type": "WEB",
      "url": "https://github.com/deepset-ai/haystack/releases/tag/v2.3.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Insecure Jinja2 templates rendered in Haystack Components can lead to RCE"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.