Nixpkgs security tracker
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
Banks: Critical Remote Code Execution (RCE) via Jinja2 SSTI
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt() are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host system. This vulnerability is fixed in 2.4.2.
References
-
https://github.com/masci/banks/security/advisories/GHSA-gphh-9q3h-jgpp x_refsource_CONFIRM
-
https://github.com/masci/banks/pull/74 x_refsource_MISC
Affected products
- ==< 2.4.2
Matching in nixpkgs
pkgs.bankstown-lv2
Lightweight psychoacoustic bass enhancement plugin
pkgs.python312Packages.banks
Module that provides tools and functions to build prompts text and chat messages from generic blueprints
pkgs.python313Packages.banks
Module that provides tools and functions to build prompts text and chat messages from generic blueprints
pkgs.python314Packages.banks
Module that provides tools and functions to build prompts text and chat messages from generic blueprints
pkgs.nltk-data.universal-treebanks-v20
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
-
nixos-25.11 0-unstable-2024-07-29
- nixos-25.11-small 0-unstable-2024-07-29
- nixpkgs-25.11-darwin 0-unstable-2024-07-29
pkgs.python312Packages.asteroid-filterbanks
PyTorch-based audio source separation toolkit for researchers
-
nixos-25.11 0.4.0-unstable-2024-12-02
- nixos-25.11-small 0.4.0-unstable-2024-12-02
- nixpkgs-25.11-darwin 0.4.0-unstable-2024-12-02
pkgs.python313Packages.asteroid-filterbanks
PyTorch-based audio source separation toolkit for researchers
-
nixos-unstable 0.4.0-unstable-2024-12-02
- nixpkgs-unstable 0.4.0-unstable-2024-12-02
- nixos-unstable-small 0.4.0-unstable-2024-12-02
-
nixos-25.11 0.4.0-unstable-2024-12-02
- nixos-25.11-small 0.4.0-unstable-2024-12-02
- nixpkgs-25.11-darwin 0.4.0-unstable-2024-12-02
pkgs.python314Packages.asteroid-filterbanks
PyTorch-based audio source separation toolkit for researchers
-
nixos-unstable 0.4.0-unstable-2024-12-02
- nixpkgs-unstable 0.4.0-unstable-2024-12-02
- nixos-unstable-small 0.4.0-unstable-2024-12-02
pkgs.pkgsRocm.python3Packages.asteroid-filterbanks
PyTorch-based audio source separation toolkit for researchers
-
nixos-unstable 0.4.0-unstable-2024-12-02
- nixpkgs-unstable 0.4.0-unstable-2024-12-02
- nixos-unstable-small 0.4.0-unstable-2024-12-02
-
nixos-25.11 0.4.0-unstable-2024-12-02
- nixos-25.11-small 0.4.0-unstable-2024-12-02
- nixpkgs-25.11-darwin 0.4.0-unstable-2024-12-02
Package maintainers
-
@yuyuyureka Yureka <yuka@yuka.dev>
-
@happysalada Raphael Megzari <raphael@megzari.com>
-
@bengsparks Ben Sparks <benjamin.sparks@protonmail.com>
-
@MatthewCroughan Matthew Croughan <matt@croughan.sh>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>