Vulnerabilites related to langchain - langchain
cve-2023-46229
Vulnerability from cvelistv5
Published
2023-10-19 00:00
Modified
2024-09-12 18:06
Severity ?
EPSS score ?
Summary
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:37:40.240Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/pull/11925", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-46229", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-12T18:06:03.676750Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-12T18:06:21.757Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-19T04:34:26.917226", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/langchain-ai/langchain/pull/11925", }, { url: "https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-46229", datePublished: "2023-10-19T00:00:00", dateReserved: "2023-10-19T00:00:00", dateUpdated: "2024-09-12T18:06:21.757Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38860
Vulnerability from cvelistv5
Published
2023-08-15 00:00
Modified
2024-10-09 13:16
Severity ?
EPSS score ?
Summary
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:54:38.918Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/issues/7641", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38860", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-09T13:16:43.332308Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-09T13:16:52.350Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-15T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/hwchase17/langchain/issues/7641", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-38860", datePublished: "2023-08-15T00:00:00", dateReserved: "2023-07-25T00:00:00", dateUpdated: "2024-10-09T13:16:52.350Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36258
Vulnerability from cvelistv5
Published
2023-07-03 00:00
Modified
2024-11-22 16:46
Severity ?
EPSS score ?
Summary
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:56.359Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/issues/5872", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36258", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-22T16:45:46.269594Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-22T16:46:55.583Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-26T04:26:02.945558", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/hwchase17/langchain/issues/5872", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-36258", datePublished: "2023-07-03T00:00:00", dateReserved: "2023-06-21T00:00:00", dateUpdated: "2024-11-22T16:46:55.583Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7042
Vulnerability from cvelistv5
Published
2024-10-29 12:50
Modified
2024-10-29 18:13
Severity ?
EPSS score ?
Summary
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langchain-ai | langchain-ai/langchainjs |
Version: unspecified < 0.3.1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:langchain-ai:langchainjs:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "langchainjs", vendor: "langchain-ai", versions: [ { lessThan: "0.3.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7042", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T13:50:49.711929Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-29T18:13:22.249Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "langchain-ai/langchainjs", vendor: "langchain-ai", versions: [ { lessThan: "0.3.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T12:50:05.375Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d", }, { url: "https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6", }, ], source: { advisory: "b612defb-1104-4fff-9fef-001ab07c7b2d", discovery: "EXTERNAL", }, title: "Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-7042", datePublished: "2024-10-29T12:50:05.375Z", dateReserved: "2024-07-23T18:41:58.788Z", dateUpdated: "2024-10-29T18:13:22.249Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36281
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-15 16:39
Severity ?
EPSS score ?
Summary
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:56.240Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/issues/4394", }, { tags: [ "x_transferred", ], url: "https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/releases/tag/v0.0.312", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-36281", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-12-13T16:27:50.227615Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T16:39:03.468Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-29T00:26:49.363259", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/hwchase17/langchain/issues/4394", }, { url: "https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55", }, { url: "https://github.com/langchain-ai/langchain/releases/tag/v0.0.312", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-36281", datePublished: "2023-08-22T00:00:00", dateReserved: "2023-06-21T00:00:00", dateUpdated: "2024-10-15T16:39:03.468Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36095
Vulnerability from cvelistv5
Published
2023-08-05 00:00
Modified
2024-10-17 14:47
Severity ?
EPSS score ?
Summary
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain", }, { tags: [ "x_transferred", ], url: "http://langchain.com", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/issues/5872", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36095", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T14:46:57.535168Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T14:47:07.463Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-14T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/hwchase17/langchain", }, { url: "http://langchain.com", }, { url: "https://github.com/langchain-ai/langchain/issues/5872", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-36095", datePublished: "2023-08-05T00:00:00", dateReserved: "2023-06-21T00:00:00", dateUpdated: "2024-10-17T14:47:07.463Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0243
Vulnerability from cvelistv5
Published
2024-02-24 17:59
Modified
2025-04-22 16:14
Severity ?
EPSS score ?
Summary
With the following crawler configuration:
```python
from bs4 import BeautifulSoup as Soup
url = "https://example.com"
loader = RecursiveUrlLoader(
url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text
)
docs = loader.load()
```
An attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like "https://example.completely.different/my_file.html" and the crawler would proceed to download that file as well even though `prevent_outside=True`.
https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51
Resolved in https://github.com/langchain-ai/langchain/pull/15559
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langchain-ai | langchain-ai/langchain |
Version: unspecified < 0.1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:langchain-ai:langchain-ai\\/langchain:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "langchain-ai\\/langchain", vendor: "langchain-ai", versions: [ { lessThan: "0.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-0243", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-26T18:43:11.371044Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-22T16:14:26.674Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T17:41:16.443Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/pull/15559", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "langchain-ai/langchain", vendor: "langchain-ai", versions: [ { lessThan: "0.1.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "With the following crawler configuration:\n\n```python\nfrom bs4 import BeautifulSoup as Soup\n\nurl = \"https://example.com\"\nloader = RecursiveUrlLoader(\n url=url, max_depth=2, extractor=lambda x: Soup(x, \"html.parser\").text\n)\ndocs = loader.load()\n```\n\nAn attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like \"https://example.completely.different/my_file.html\" and the crawler would proceed to download that file as well even though `prevent_outside=True`.\n\nhttps://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51\n\nResolved in https://github.com/langchain-ai/langchain/pull/15559", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T20:57:24.633Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861", }, { url: "https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22", }, { url: "https://github.com/langchain-ai/langchain/pull/15559", }, ], source: { advisory: "370904e7-10ac-40a4-a8d4-e2d16e1ca861", discovery: "EXTERNAL", }, title: "Server-side Request Forgery In Recursive URL Loader", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-0243", datePublished: "2024-02-24T17:59:26.498Z", dateReserved: "2024-01-04T21:47:13.281Z", dateUpdated: "2025-04-22T16:14:26.674Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3095
Vulnerability from cvelistv5
Published
2024-06-06 18:28
Modified
2024-08-01 19:32
Severity ?
EPSS score ?
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langchain-ai | langchain-ai/langchain |
Version: unspecified < |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "langchain", vendor: "langchain", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-3095", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-07T18:54:30.796846Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T19:04:01.437Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T19:32:42.601Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "langchain-ai/langchain", vendor: "langchain-ai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T18:28:56.403Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273", }, ], source: { advisory: "e62d4895-2901-405b-9559-38276b6a5273", discovery: "EXTERNAL", }, title: "SSRF in Langchain Web Research Retriever in langchain-ai/langchain", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-3095", datePublished: "2024-06-06T18:28:56.403Z", dateReserved: "2024-03-29T15:59:53.848Z", dateUpdated: "2024-08-01T19:32:42.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34540
Vulnerability from cvelistv5
Published
2023-06-14 00:00
Modified
2024-08-02 16:10
Severity ?
EPSS score ?
Summary
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:10:07.011Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/issues/4833", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/pull/6992", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/releases/tag/v0.0.225", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the \"releases/tag\" reference, a fix is available.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:15:53.751977", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/hwchase17/langchain/issues/4833", }, { url: "https://github.com/langchain-ai/langchain/pull/6992", }, { url: "https://github.com/langchain-ai/langchain/releases/tag/v0.0.225", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-34540", datePublished: "2023-06-14T00:00:00", dateReserved: "2023-06-07T00:00:00", dateUpdated: "2024-08-02T16:10:07.011Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38896
Vulnerability from cvelistv5
Published
2023-08-15 00:00
Modified
2024-10-09 13:02
Severity ?
EPSS score ?
Summary
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:54:39.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/issues/5872", }, { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/pull/6003", }, { tags: [ "x_transferred", ], url: "https://twitter.com/llm_sec/status/1668711587287375876", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38896", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-09T13:02:00.530034Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-09T13:02:11.603Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-15T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/hwchase17/langchain/issues/5872", }, { url: "https://github.com/hwchase17/langchain/pull/6003", }, { url: "https://twitter.com/llm_sec/status/1668711587287375876", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-38896", datePublished: "2023-08-15T00:00:00", dateReserved: "2023-07-25T00:00:00", dateUpdated: "2024-10-09T13:02:11.603Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28088
Vulnerability from cvelistv5
Published
2024-03-03 00:00
Modified
2024-08-26 19:44
Severity ?
EPSS score ?
Summary
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T00:48:48.940Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/pull/18600", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "langchain", vendor: "langchain", versions: [ { lessThanOrEqual: "0.1.10", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-28088", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-07T19:36:26.136405Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-31", description: "CWE-31 Path Traversal: 'dir\\..\\..\\filename'", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-26T19:44:45.330Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:00:45.400995", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md", }, { url: "https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py", }, { url: "https://github.com/langchain-ai/langchain/pull/18600", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-28088", datePublished: "2024-03-03T00:00:00", dateReserved: "2024-03-03T00:00:00", dateUpdated: "2024-08-26T19:44:45.330Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34541
Vulnerability from cvelistv5
Published
2023-06-20 00:00
Modified
2024-12-09 21:11
Severity ?
EPSS score ?
Summary
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:10:07.127Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/issues/4849", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-34541", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-09T21:10:29.367555Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-09T21:11:02.484Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/hwchase17/langchain/issues/4849", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-34541", datePublished: "2023-06-20T00:00:00", dateReserved: "2023-06-07T00:00:00", dateUpdated: "2024-12-09T21:11:02.484Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2965
Vulnerability from cvelistv5
Published
2024-06-06 18:52
Modified
2024-11-03 18:27
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langchain-ai | langchain-ai/langchain |
Version: unspecified < 0.2.5 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "langchain", vendor: "langchain", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-2965", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-07T13:30:27.318825Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T19:03:21.881Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T19:32:42.613Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "langchain-ai/langchain", vendor: "langchain-ai", versions: [ { lessThan: "0.2.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-674", description: "CWE-674 Uncontrolled Recursion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-03T18:27:21.374Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae", }, { url: "https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb70d2c2d87a82", }, ], source: { advisory: "90b0776d-9fa6-4841-aac4-09fde5918cae", discovery: "EXTERNAL", }, title: "Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-2965", datePublished: "2024-06-06T18:52:54.353Z", dateReserved: "2024-03-26T19:55:25.763Z", dateUpdated: "2024-11-03T18:27:21.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39631
Vulnerability from cvelistv5
Published
2023-09-01 00:00
Modified
2024-10-01 13:18
Severity ?
EPSS score ?
Summary
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:18:09.557Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/issues/8363", }, { tags: [ "x_transferred", ], url: "https://github.com/pydata/numexpr/issues/442", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39631", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T13:18:27.452725Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T13:18:38.891Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-01T15:04:06.697255", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/langchain-ai/langchain/issues/8363", }, { url: "https://github.com/pydata/numexpr/issues/442", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-39631", datePublished: "2023-09-01T00:00:00", dateReserved: "2023-08-07T00:00:00", dateUpdated: "2024-10-01T13:18:38.891Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39659
Vulnerability from cvelistv5
Published
2023-08-15 00:00
Modified
2024-10-08 20:28
Severity ?
EPSS score ?
Summary
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:18:09.918Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/issues/7700", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/pull/5640", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39659", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T20:27:51.396274Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:28:08.726Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-15T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/langchain-ai/langchain/issues/7700", }, { url: "https://github.com/langchain-ai/langchain/pull/5640", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-39659", datePublished: "2023-08-15T00:00:00", dateReserved: "2023-08-07T00:00:00", dateUpdated: "2024-10-08T20:28:08.726Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8309
Vulnerability from cvelistv5
Published
2024-10-29 12:50
Modified
2024-10-29 18:14
Severity ?
EPSS score ?
Summary
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langchain-ai | langchain-ai/langchain |
Version: unspecified < 0.3.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:langchain-ai:langchain:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "langchain", vendor: "langchain-ai", versions: [ { lessThan: "0.3.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8309", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T13:50:16.254824Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-29T18:14:46.661Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "langchain-ai/langchain", vendor: "langchain-ai", versions: [ { lessThan: "0.3.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T12:50:13.198Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5", }, { url: "https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255", }, ], source: { advisory: "8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5", discovery: "EXTERNAL", }, title: "SQL Injection in langchain-ai/langchain", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-8309", datePublished: "2024-10-29T12:50:13.198Z", dateReserved: "2024-08-29T13:51:04.837Z", dateUpdated: "2024-10-29T18:14:46.661Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32786
Vulnerability from cvelistv5
Published
2023-10-20 00:00
Modified
2024-09-12 17:54
Severity ?
EPSS score ?
Summary
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.167Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32786", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-12T17:54:35.834317Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-12T17:54:54.643Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-20T21:09:41.414194", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-32786", datePublished: "2023-10-20T00:00:00", dateReserved: "2023-05-15T00:00:00", dateUpdated: "2024-09-12T17:54:54.643Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2057
Vulnerability from cvelistv5
Published
2024-03-01 11:31
Modified
2024-08-01 19:03
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.255372 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.255372 | signature, permissions-required | |
| https://github.com/bayuncao/vul-cve-16 | broken-link | |
| https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl | broken-link, exploit | |
| https://github.com/langchain-ai/langchain/pull/18695 | issue-tracking, patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LangChain | langchain_community |
Version: 0.0.26 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-2057", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-01T15:53:59.467628Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:05.988Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T19:03:39.093Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-255372 | LangChain langchain_community TFIDFRetriever tfidf.py load_local server-side request forgery", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.255372", }, { name: "VDB-255372 | CTI Indicators (IOB, IOC, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.255372", }, { tags: [ "broken-link", "x_transferred", ], url: "https://github.com/bayuncao/vul-cve-16", }, { tags: [ "broken-link", "exploit", "x_transferred", ], url: "https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl", }, { tags: [ "issue-tracking", "patch", "x_transferred", ], url: "https://github.com/langchain-ai/langchain/pull/18695", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { modules: [ "TFIDFRetriever", ], product: "langchain_community", vendor: "LangChain", versions: [ { status: "affected", version: "0.0.26", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "bayuncao (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372.", }, { lang: "de", value: "Es wurde eine kritische Schwachstelle in LangChain langchain_community 0.0.26 ausgemacht. Es geht dabei um die Funktion load_local in der Bibliothek libs/community/langchain_community/retrievers/tfidf.py der Komponente TFIDFRetriever. Durch das Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 0.0.27 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T16:11:21.182Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-255372 | LangChain langchain_community TFIDFRetriever tfidf.py load_local server-side request forgery", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.255372", }, { name: "VDB-255372 | CTI Indicators (IOB, IOC, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.255372", }, { tags: [ "broken-link", ], url: "https://github.com/bayuncao/vul-cve-16", }, { tags: [ "broken-link", "exploit", ], url: "https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl", }, { tags: [ "issue-tracking", "patch", ], url: "https://github.com/langchain-ai/langchain/pull/18695", }, ], timeline: [ { lang: "en", time: "2024-03-01T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-03-01T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-03-13T17:16:14.000Z", value: "VulDB entry last update", }, ], title: "LangChain langchain_community TFIDFRetriever tfidf.py load_local server-side request forgery", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-2057", datePublished: "2024-03-01T11:31:04.385Z", dateReserved: "2024-03-01T06:41:06.479Z", dateUpdated: "2024-08-01T19:03:39.093Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7774
Vulnerability from cvelistv5
Published
2024-10-29 12:49
Modified
2024-10-29 13:31
Severity ?
EPSS score ?
Summary
A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langchain-ai | langchain-ai/langchainjs |
Version: unspecified < 0.2.19 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:langchain-ai:langchain-ai\\/langchainjs:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "langchain-ai\\/langchainjs", vendor: "langchain-ai", versions: [ { lessThan: "0.2.19", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7774", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T13:28:45.771600Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-29T13:31:38.566Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "langchain-ai/langchainjs", vendor: "langchain-ai", versions: [ { lessThan: "0.2.19", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-29", description: "CWE-29 Path Traversal: '\\..\\filename'", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T12:49:21.165Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/8fe40685-b714-4191-af7a-3de5e5628cee", }, { url: "https://github.com/langchain-ai/langchainjs/commit/a0fad77d6b569e5872bd4a9d33be0c0785e538a9", }, ], source: { advisory: "8fe40685-b714-4191-af7a-3de5e5628cee", discovery: "EXTERNAL", }, title: "Path Traversal in langchain-ai/langchainjs", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-7774", datePublished: "2024-10-29T12:49:21.165Z", dateReserved: "2024-08-13T21:13:38.960Z", dateUpdated: "2024-10-29T13:31:38.566Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-29374
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2025-02-12 16:24
Severity ?
EPSS score ?
Summary
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:07:45.736Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/pull/1119", }, { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/issues/814", }, { tags: [ "x_transferred", ], url: "https://twitter.com/rharang/status/1641899743608463365/photo/1", }, { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/issues/1026", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-29374", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T16:14:23.167174Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-74", description: "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T16:24:39.291Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-05T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/hwchase17/langchain/pull/1119", }, { url: "https://github.com/hwchase17/langchain/issues/814", }, { url: "https://twitter.com/rharang/status/1641899743608463365/photo/1", }, { url: "https://github.com/hwchase17/langchain/issues/1026", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-29374", datePublished: "2023-04-05T00:00:00.000Z", dateReserved: "2023-04-05T00:00:00.000Z", dateUpdated: "2025-02-12T16:24:39.291Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36188
Vulnerability from cvelistv5
Published
2023-07-06 00:00
Modified
2024-11-19 19:03
Severity ?
EPSS score ?
Summary
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.272Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/issues/5872", }, { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/pull/6003", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36188", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T19:03:12.158410Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T19:03:23.673Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-06T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/hwchase17/langchain/issues/5872", }, { url: "https://github.com/hwchase17/langchain/pull/6003", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-36188", datePublished: "2023-07-06T00:00:00", dateReserved: "2023-06-21T00:00:00", dateUpdated: "2024-11-19T19:03:23.673Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36189
Vulnerability from cvelistv5
Published
2023-07-06 00:00
Modified
2024-10-15 18:34
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:54.600Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f", }, { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/issues/5923", }, { tags: [ "x_transferred", ], url: "https://github.com/hwchase17/langchain/pull/6051", }, { tags: [ "x_transferred", ], url: "https://github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-36189", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:29:03.890697Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T18:34:19.405Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-26T17:38:10.684464", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f", }, { url: "https://github.com/hwchase17/langchain/issues/5923", }, { url: "https://github.com/hwchase17/langchain/pull/6051", }, { url: "https://github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-36189", datePublished: "2023-07-06T00:00:00", dateReserved: "2023-06-21T00:00:00", dateUpdated: "2024-10-15T18:34:19.405Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-08-05 03:15
Modified
2024-11-21 08:09
Severity ?
Summary
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://langchain.com | Product | |
| cve@mitre.org | https://github.com/hwchase17/langchain | Product | |
| cve@mitre.org | https://github.com/langchain-ai/langchain/issues/5872 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://langchain.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hwchase17/langchain | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/langchain-ai/langchain/issues/5872 | Exploit, Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.0.194:*:*:*:*:*:*:*", matchCriteriaId: "7186FBDD-894A-41C2-A682-D7B2B95107C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.", }, ], id: "CVE-2023-36095", lastModified: "2024-11-21T08:09:17.170", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-05T03:15:13.580", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "http://langchain.com", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/hwchase17/langchain", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/langchain-ai/langchain/issues/5872", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "http://langchain.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/hwchase17/langchain", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/langchain-ai/langchain/issues/5872", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-06 14:15
Modified
2024-11-21 08:09
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.0.64:*:*:*:*:*:*:*", matchCriteriaId: "0D9CEC27-1B1B-4365-82F1-2538DD3F158D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.", }, ], id: "CVE-2023-36189", lastModified: "2024-11-21T08:09:23.737", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-07-06T14:15:10.707", references: [ { source: "cve@mitre.org", url: "https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://github.com/hwchase17/langchain/issues/5923", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/hwchase17/langchain/pull/6051", }, { source: "cve@mitre.org", url: "https://github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/hwchase17/langchain/issues/5923", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/hwchase17/langchain/pull/6051", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-05 02:15
Modified
2025-02-12 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", matchCriteriaId: "7C55CEFC-7C13-4D07-A223-1C5E9F7BBF25", versionEndIncluding: "0.0.131", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.", }, ], id: "CVE-2023-29374", lastModified: "2025-02-12T17:15:18.260", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-05T02:15:37.340", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/hwchase17/langchain/issues/1026", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/hwchase17/langchain/issues/814", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/hwchase17/langchain/pull/1119", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://twitter.com/rharang/status/1641899743608463365/photo/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/hwchase17/langchain/issues/1026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/hwchase17/langchain/issues/814", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/hwchase17/langchain/pull/1119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://twitter.com/rharang/status/1641899743608463365/photo/1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 08:09
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/hwchase17/langchain/issues/4394 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://github.com/langchain-ai/langchain/releases/tag/v0.0.312 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hwchase17/langchain/issues/4394 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/langchain-ai/langchain/releases/tag/v0.0.312 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.0.171:*:*:*:*:*:*:*", matchCriteriaId: "D8235D79-2666-4DEE-B6A2-A5DE48FB42C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.", }, ], id: "CVE-2023-36281", lastModified: "2024-11-21T08:09:29.293", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-08-22T19:16:36.457", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/hwchase17/langchain/issues/4394", }, { source: "cve@mitre.org", url: "https://github.com/langchain-ai/langchain/releases/tag/v0.0.312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/hwchase17/langchain/issues/4394", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/langchain-ai/langchain/releases/tag/v0.0.312", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-06 19:15
Modified
2024-11-21 09:10
Severity ?
Summary
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", matchCriteriaId: "9A6F06FB-8127-41C1-A077-6C0B9E45B58E", versionEndExcluding: "0.2.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.", }, { lang: "es", value: "Existe una vulnerabilidad de denegación de servicio (DoS) en la clase `SitemapLoader` del repositorio `langchain-ai/langchain`, que afecta a todas las versiones. El método `parse_sitemap`, responsable de analizar mapas de sitio y extraer URL, carece de un mecanismo para evitar la recursividad infinita cuando la URL de un mapa de sitio hace referencia al propio mapa de sitio actual. Este descuido permite la posibilidad de que se produzca un bucle infinito, lo que provocará un bloqueo al exceder la profundidad máxima de recursividad en Python. Esta vulnerabilidad se puede aprovechar para ocupar recursos de puerto/socket del servidor y bloquear el proceso de Python, lo que afecta la disponibilidad de los servicios que dependen de esta funcionalidad.", }, ], id: "CVE-2024-2965", lastModified: "2024-11-21T09:10:56.847", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.5, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-06T19:15:55.897", references: [ { source: "security@huntr.dev", url: "https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb70d2c2d87a82", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-03 21:15
Modified
2024-11-22 17:15
Severity ?
Summary
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hwchase17/langchain/issues/5872 | Exploit, Issue Tracking, Mitigation | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hwchase17/langchain/issues/5872 | Exploit, Issue Tracking, Mitigation |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.0.199:*:*:*:*:*:*:*", matchCriteriaId: "99FB5025-85A6-41B6-B0DC-7D34C5FCFB6A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.", }, ], id: "CVE-2023-36258", lastModified: "2024-11-22T17:15:05.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-03T21:15:09.797", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Mitigation", ], url: "https://github.com/hwchase17/langchain/issues/5872", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Mitigation", ], url: "https://github.com/hwchase17/langchain/issues/5872", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-29 13:15
Modified
2024-10-31 18:36
Severity ?
Summary
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", matchCriteriaId: "46A65E02-4E54-49B9-942F-BDD1555CCA4B", versionEndExcluding: "0.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.", }, { lang: "es", value: "Una vulnerabilidad en la clase GraphCypherQAChain de langchain-ai/langchainjs versiones 0.2.5 y todas las versiones con esta clase permite la inyección rápida, lo que lleva a la inyección SQL. Esta vulnerabilidad permite la manipulación no autorizada de datos, la exfiltración de datos, la denegación de servicio (DoS) mediante la eliminación de todos los datos, las infracciones en entornos de seguridad de múltiples tenants y los problemas de integridad de los datos. Los atacantes pueden crear, actualizar o eliminar nodos y relaciones sin la autorización adecuada, extraer datos confidenciales, interrumpir servicios, acceder a datos en diferentes tenants y comprometer la integridad de la base de datos.", }, ], id: "CVE-2024-7042", lastModified: "2024-10-31T18:36:30.140", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 3.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-29T13:15:08.883", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-20 15:15
Modified
2024-12-09 22:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hwchase17/langchain/issues/4849 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hwchase17/langchain/issues/4849 | Exploit, Issue Tracking |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.0.171:*:*:*:*:*:*:*", matchCriteriaId: "D8235D79-2666-4DEE-B6A2-A5DE48FB42C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.", }, ], id: "CVE-2023-34541", lastModified: "2024-12-09T22:15:21.740", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-20T15:15:11.727", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/hwchase17/langchain/issues/4849", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/hwchase17/langchain/issues/4849", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-14 15:15
Modified
2024-11-21 08:07
Severity ?
Summary
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.0.171:*:*:*:*:*:*:*", matchCriteriaId: "D8235D79-2666-4DEE-B6A2-A5DE48FB42C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the \"releases/tag\" reference, a fix is available.", }, ], id: "CVE-2023-34540", lastModified: "2024-11-21T08:07:21.550", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-14T15:15:10.287", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/hwchase17/langchain/issues/4833", }, { source: "cve@mitre.org", url: "https://github.com/langchain-ai/langchain/pull/6992", }, { source: "cve@mitre.org", url: "https://github.com/langchain-ai/langchain/releases/tag/v0.0.225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/hwchase17/langchain/issues/4833", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/langchain-ai/langchain/pull/6992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/langchain-ai/langchain/releases/tag/v0.0.225", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-06 19:15
Modified
2024-11-21 09:28
Severity ?
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", matchCriteriaId: "4103934E-CAC9-4D54-9A36-3029ED822228", versionEndExcluding: "0.2.9", versionStartIncluding: "0.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs.", }, { lang: "es", value: "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en el componente Web Research Retriever de langchain-ai/langchain versión 0.1.5. La vulnerabilidad surge porque Web Research Retriever no restringe las solicitudes a direcciones de Internet remotas, lo que le permite llegar a direcciones locales. Esta falla permite a los atacantes ejecutar escaneos de puertos, acceder a servicios locales y, en algunos escenarios, leer metadatos de instancias de entornos de nube. La vulnerabilidad es particularmente preocupante ya que puede explotarse para abusar del servidor Web Explorer como proxy para ataques web a terceros e interactuar con servidores en la red local, incluida la lectura de sus datos de respuesta. Esto podría conducir potencialmente a la ejecución de código arbitrario, dependiendo de la naturaleza de los servicios locales. La vulnerabilidad se limita a las solicitudes GET, ya que las solicitudes POST no son posibles, pero el impacto en la confidencialidad, la integridad y la disponibilidad es significativo debido al potencial de robo de credenciales e interacciones de cambio de estado con las API internas.", }, ], id: "CVE-2024-3095", lastModified: "2024-11-21T09:28:53.367", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.4, impactScore: 4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-06T19:15:59.160", references: [ { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-04 00:15
Modified
2025-01-08 16:13
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", matchCriteriaId: "2B206DB1-7431-4A55-A5E9-C6B29426AF56", versionEndExcluding: "0.1.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)", }, { lang: "es", value: "LangChain hasta 0.1.10 permite el Directory Traversal ../ por parte de un actor que puede controlar la parte final del parámetro de ruta en una llamada load_chain. Esto omite el comportamiento previsto de cargar configuraciones solo desde el repositorio GitHub hwchase17/langchain-hub. El resultado puede ser la divulgación de una clave API para un servicio en línea de modelo de lenguaje grande o la ejecución remota de código.", }, ], id: "CVE-2024-28088", lastModified: "2025-01-08T16:13:57.860", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-04T00:15:47.017", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md", }, { source: "cve@mitre.org", tags: [ "Product", "Third Party Advisory", ], url: "https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/langchain-ai/langchain/pull/18600", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/langchain-ai/langchain/pull/18600", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-31", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-15 17:15
Modified
2024-11-21 08:15
Severity ?
Summary
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/langchain-ai/langchain/issues/7700 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/langchain-ai/langchain/pull/5640 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/langchain-ai/langchain/issues/7700 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/langchain-ai/langchain/pull/5640 | Issue Tracking, Patch |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", matchCriteriaId: "BAFE4797-0C2C-4BBF-87A5-8747A3539923", versionEndIncluding: "0.0.232", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.", }, { lang: "es", value: "Un problema en langchain langchain-ai v.0.0.232 y anteriores permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado en el componente PythonAstREPLTool._run.", }, ], id: "CVE-2023-39659", lastModified: "2024-11-21T08:15:46.460", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-15T17:15:12.930", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/langchain-ai/langchain/issues/7700", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/langchain-ai/langchain/pull/5640", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/langchain-ai/langchain/issues/7700", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/langchain-ai/langchain/pull/5640", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-19 05:15
Modified
2024-11-21 08:28
Severity ?
Summary
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", matchCriteriaId: "96BF88B4-C2B7-476C-8270-73C2DA83CD95", versionEndExcluding: "0.0.317", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.", }, { lang: "es", value: "LangChain anterior a 0.0.317 permite SSRF a través de document_loaders/recursive_url_loader.py porque el rastreo puede proceder desde un servidor externo a un servidor interno.", }, ], id: "CVE-2023-46229", lastModified: "2024-11-21T08:28:07.320", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-19T05:15:58.737", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/langchain-ai/langchain/pull/11925", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/langchain-ai/langchain/pull/11925", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-15 17:15
Modified
2024-11-21 08:14
Severity ?
Summary
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hwchase17/langchain/issues/5872 | Exploit, Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/hwchase17/langchain/pull/6003 | Patch | |
| cve@mitre.org | https://twitter.com/llm_sec/status/1668711587287375876 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hwchase17/langchain/issues/5872 | Exploit, Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hwchase17/langchain/pull/6003 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/llm_sec/status/1668711587287375876 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", matchCriteriaId: "684470ED-FCDD-4CE3-8BD5-7CCAB07F53B7", versionEndIncluding: "0.0.194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.", }, { lang: "es", value: "Un problema en langchain v.0.0.194 de Harrison Chase y anteriores permite a un atacante remoto ejecutar código arbitrario a través de las funciones from_math_prompt y from_colored_object_prompt.", }, ], id: "CVE-2023-38896", lastModified: "2024-11-21T08:14:24.100", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-15T17:15:12.027", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/hwchase17/langchain/issues/5872", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/hwchase17/langchain/pull/6003", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://twitter.com/llm_sec/status/1668711587287375876", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", ], url: "https://github.com/hwchase17/langchain/issues/5872", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/hwchase17/langchain/pull/6003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://twitter.com/llm_sec/status/1668711587287375876", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-29 13:15
Modified
2024-11-01 19:19
Severity ?
Summary
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64914C-D055-40ED-91D4-BC39AB147771", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.", }, { lang: "es", value: "Una vulnerabilidad en la clase GraphCypherQAChain de la versión 0.2.5 de langchain-ai/langchain permite la inyección de SQL a través de la inyección de mensajes. Esta vulnerabilidad puede provocar manipulación de datos no autorizada, exfiltración de datos, denegación de servicio (DoS) mediante la eliminación de todos los datos, infracciones en entornos de seguridad de múltiples tenants y problemas de integridad de los datos. Los atacantes pueden crear, actualizar o eliminar nodos y relaciones sin la debida autorización, extraer datos confidenciales, interrumpir servicios, acceder a datos de diferentes tenants y comprometer la integridad de la base de datos.", }, ], id: "CVE-2024-8309", lastModified: "2024-11-01T19:19:20.327", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 3.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-29T13:15:10.950", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-06 14:15
Modified
2024-11-21 08:09
Severity ?
Summary
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.0.64:*:*:*:*:*:*:*", matchCriteriaId: "0D9CEC27-1B1B-4365-82F1-2538DD3F158D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.", }, ], id: "CVE-2023-36188", lastModified: "2024-11-21T08:09:23.577", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-06T14:15:10.663", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://github.com/hwchase17/langchain/issues/5872", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/hwchase17/langchain/pull/6003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/hwchase17/langchain/issues/5872", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/hwchase17/langchain/pull/6003", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-01 16:15
Modified
2024-11-21 08:15
Severity ?
Summary
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/langchain-ai/langchain/issues/8363 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/pydata/numexpr/issues/442 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/langchain-ai/langchain/issues/8363 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pydata/numexpr/issues/442 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.0.245:*:*:*:*:*:*:*", matchCriteriaId: "6573CC2E-2720-44F4-B560-17D6A56BDD3F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.", }, { lang: "es", value: "Un problema en LanChain-ai Langchain v.0.0.245 permite a un atacante remoto ejecutar código arbitrario a través de la función evaluate en numexpr library.", }, ], id: "CVE-2023-39631", lastModified: "2024-11-21T08:15:43.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-01T16:15:08.370", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/langchain-ai/langchain/issues/8363", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/pydata/numexpr/issues/442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/langchain-ai/langchain/issues/8363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/pydata/numexpr/issues/442", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-26 16:27
Modified
2025-02-25 22:56
Severity ?
Summary
With the following crawler configuration:
```python
from bs4 import BeautifulSoup as Soup
url = "https://example.com"
loader = RecursiveUrlLoader(
url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text
)
docs = loader.load()
```
An attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like "https://example.completely.different/my_file.html" and the crawler would proceed to download that file as well even though `prevent_outside=True`.
https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51
Resolved in https://github.com/langchain-ai/langchain/pull/15559
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22 | Patch | |
| security@huntr.dev | https://github.com/langchain-ai/langchain/pull/15559 | Issue Tracking, Patch | |
| security@huntr.dev | https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/langchain-ai/langchain/pull/15559 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861 | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", matchCriteriaId: "E4C61594-8DC6-4202-BD26-E6DA580E438F", versionEndExcluding: "0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "With the following crawler configuration:\n\n```python\nfrom bs4 import BeautifulSoup as Soup\n\nurl = \"https://example.com\"\nloader = RecursiveUrlLoader(\n url=url, max_depth=2, extractor=lambda x: Soup(x, \"html.parser\").text\n)\ndocs = loader.load()\n```\n\nAn attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like \"https://example.completely.different/my_file.html\" and the crawler would proceed to download that file as well even though `prevent_outside=True`.\n\nhttps://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51\n\nResolved in https://github.com/langchain-ai/langchain/pull/15559", }, { lang: "es", value: "Con la siguiente configuración del rastreador: ```python de bs4 import BeautifulSoup as Soup url = \"https://example.com\" loader = RecursiveUrlLoader( url=url, max_ Depth=2, extractor=lambda x: Soup(x, \"html .parser\").text ) docs = loader.load() ``` Un atacante que controle el contenido de `https://example.com` podría colocar un archivo HTML malicioso allí con enlaces como \"https:/example.completely.different/my_file.html\" y el rastreador procedería a descargar ese archivo también aunque `prevent_outside=True`. https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51 Resuelto en https://github.com/langchain-ai/langchain/pull /15559", }, ], id: "CVE-2024-0243", lastModified: "2025-02-25T22:56:19.323", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 0.6, impactScore: 2.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-26T16:27:49.670", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22", }, { source: "security@huntr.dev", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/langchain-ai/langchain/pull/15559", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/langchain-ai/langchain/pull/15559", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-20 22:15
Modified
2024-11-21 08:04
Severity ?
Summary
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", matchCriteriaId: "02E32772-8A62-461E-A121-F894FD16B540", versionEndIncluding: "0.0.155", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.", }, { lang: "es", value: "En Langchain hasta 0.0.155, la inyección rápida permite a un atacante forzar al servicio a recuperar datos de una URL arbitraria, esencialmente proporcionando SSRF y potencialmente inyectando contenido en tareas posteriores.", }, ], id: "CVE-2023-32786", lastModified: "2024-11-21T08:04:01.443", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-20T22:15:10.553", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-29 13:15
Modified
2024-10-31 15:39
Severity ?
Summary
A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64914C-D055-40ED-91D4-BC39AB147771", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.", }, { lang: "es", value: "Existe una vulnerabilidad de path traversal en el método `getFullPath` de la versión 0.2.5 de langchain-ai/langchainjs. Esta vulnerabilidad permite a los atacantes guardar archivos en cualquier parte del sistema de archivos, sobrescribir archivos de texto existentes, leer archivos `.txt` y eliminar archivos. La vulnerabilidad se explota a través de los métodos `setFileContent`, `getParsedFile` y `mdelete`, que no desinfectan adecuadamente la entrada del usuario.", }, ], id: "CVE-2024-7774", lastModified: "2024-10-31T15:39:04.510", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-29T13:15:09.930", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/langchain-ai/langchainjs/commit/a0fad77d6b569e5872bd4a9d33be0c0785e538a9", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/8fe40685-b714-4191-af7a-3de5e5628cee", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-29", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-01 12:15
Modified
2025-03-04 14:15
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.0.26:*:*:*:community:*:*:*", matchCriteriaId: "7FE97EB1-8093-4478-B653-B69EBBA0B607", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Harrison Chase LangChain 0.1.9. Ha sido clasificada como crítica. La función load_local en la librería libs/community/langchain_community/retrievers/tfidf.py es afectada por la vulnerabilidad. La manipulación conduce a Server-Side Request Forgery. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-255372.", }, ], id: "CVE-2024-2057", lastModified: "2025-03-04T14:15:48.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-03-01T12:15:48.670", references: [ { source: "cna@vuldb.com", tags: [ "Broken Link", ], url: "https://github.com/bayuncao/vul-cve-16", }, { source: "cna@vuldb.com", tags: [ "Broken Link", ], url: "https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl", }, { source: "cna@vuldb.com", tags: [ "Patch", ], url: "https://github.com/langchain-ai/langchain/pull/18695", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", ], url: "https://vuldb.com/?ctiid.255372", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", ], url: "https://vuldb.com/?id.255372", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://github.com/bayuncao/vul-cve-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/langchain-ai/langchain/pull/18695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://vuldb.com/?ctiid.255372", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://vuldb.com/?id.255372", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-15 17:15
Modified
2024-11-21 08:14
Severity ?
Summary
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hwchase17/langchain/issues/7641 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hwchase17/langchain/issues/7641 | Exploit, Issue Tracking |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:langchain:langchain:0.0.231:*:*:*:*:*:*:*", matchCriteriaId: "F477D71B-7192-463A-94B4-99EB77D322C5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.", }, { lang: "es", value: "Un problema en LangChain v.0.0.231 permite a un atacante remoto ejecutar código arbitrario a través del parámetro prompt.", }, ], id: "CVE-2023-38860", lastModified: "2024-11-21T08:14:18.683", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-15T17:15:11.737", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/hwchase17/langchain/issues/7641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/hwchase17/langchain/issues/7641", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }