PT-2024-29658 · Haystack+1

Silvanocerza · Published 2024-07-31 · Updated 2024-08-01 · CVE-2024-41950

CVSS v4.0: 7.7 (High)
Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Haystack versions prior to 2.3.1
Description: The issue concerns Haystack clients that allow users to create and run Pipelines from scratch, exposing them to remote code execution. Certain Haystack components use Jinja2 templates; anyone who can create and render such a template on the client machine can execute arbitrary code.
Recommendations: For versions prior to 2.3.1, update to Haystack 2.3.1 to resolve the issue. As a temporary workaround, prevent users from running the affected components, or only let users choose from preselected templates.

Related Identifiers

CVE-2024-41950
GHSA-HX9V-6R9F-W677

Affected Products

Haystack
Jinja2