CVE-2024-41950: 
Python vulnerability analysis and mitigation

Haystack, an end-to-end LLM framework for building applications powered by LLMs, Transformer models, and vector search, was found to contain a remote code execution vulnerability in versions prior to 2.3.1. The vulnerability affects Haystack clients that allow users to create and run Pipelines from scratch. Certain Components in Haystack use Jinja2 templates, which if rendered on the client machine could allow arbitrary code execution (GitHub Advisory).

The vulnerability stems from insecure implementation of Jinja2 templates in multiple Haystack components. The affected components include PromptBuilder, ChatPromptBuilder, DynamicPromptBuilder, DynamicChatPromptBuilder, OutputAdapter, ConditionalRouter, and the PipelineTemplate class. The issue has been assigned CVE-2024-41950 with a CVSS v3.1 base score of 7.5 (High) and vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability allows attackers to execute arbitrary code on systems where Haystack is deployed with user-controlled templates. This could lead to complete system compromise, as the code would run with the same privileges as the Haystack application (GitHub Advisory).

The vulnerability has been patched in Haystack version 2.3.1. Users are strongly advised to upgrade to this version or later. For those unable to upgrade immediately, a workaround is to prevent users from running the affected Components or restrict users to using only preselected templates (GitHub Advisory, Haystack Release).