CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
Haystack is vulnerable to Remote Code Execution. The vulnerability is due to the use of Jinja2 templates, which can be exploited to run arbitrary code if a user creates and renders a malicious template on the client machine.
github.com/advisories/GHSA-hx9v-6r9f-w677
github.com/deepset-ai/haystack/commit/3fed1366c448b02189851bf08166c1f6477a02b0
github.com/deepset-ai/haystack/commit/6c25a5c73e83aa32c3241ba84a5cbb3ac0e8a89e
github.com/deepset-ai/haystack/pull/8095
github.com/deepset-ai/haystack/pull/8096
github.com/deepset-ai/haystack/releases/tag/v2.3.1
github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677