CVE-2024-2057 – LangChain langchain_community TFIDFRetriever tfidf.py load_local server-side request forgery

https://notcve.org/view.php?id=CVE-2024-2057

01 Mar 2024 — A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. • https://github.com/bayuncao/vul-cve-16 • CWE-918: Server-Side Request Forgery (SSRF) •