AVID-2026-R1516

Description

Insecure Jinja2 templates rendered in Haystack Components can lead to RCE (CVE-2024-41950)

Details

Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code execution. Certain Components in Haystack use Jinja2 templates; anyone who can create and render such a template on the client machine can run any code. The vulnerability has been fixed in Haystack 2.3.1.

Reason for inclusion in AVID: CVE-2024-41950 describes insecure Jinja2 template rendering in Haystack components that leads to remote code execution. Haystack is an end-to-end AI framework used to build AI pipelines, and the vulnerability affects software components (templates in Haystack) used to build and deploy AI systems. It is a software security vulnerability (RCE) with actionable details and a known fix in version 2.3.1, supported by a CVE entry and advisories. This constitutes a software supply-chain vulnerability within AI stacks (dependencies/pipelines) and should be kept for AVID curation.

References

Affected or Relevant Artifacts

  • Developer: deepset-ai
  • Deployer: deepset-ai
  • Artifact Details:
      • Type: System
      • Name: haystack

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Base Score: 7.5
  • Base Severity: 🔴 High
  • Attack Vector: NETWORK
  • Attack Complexity: 🔴 High
  • Privileges Required: 🟢 Low
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: 🔴 High
  • Integrity Impact: 🔴 High
  • Availability Impact: 🔴 High

CWE

  • ID: CWE-1336
  • Description: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-07-31
  • Version: 0.3.3
  • AVID Entry