Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Vulnerability Description
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. The vulnerability has been fixed with Haystack `2.3.1`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1336
Vulnerability Title
Haystack 安全漏洞
Vulnerability Description
Haystack是deepset开源的一个开源 NLP 框架,可使用 Transformer 模型和 LLM(GPT-4、ChatGPT 等)与用户的数据进行交互。 Haystack 2.3.1之前版本存在安全漏洞。攻击者利用该漏洞可以导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A