1 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. • https://github.com/bayuncao/vul-cve-16 https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl https://github.com/langchain-ai/langchain/pull/18695 https://vuldb.com/?ctiid.255372 https://vuldb.com/?id.255372 • CWE-918: Server-Side Request Forgery (SSRF) •