1 results (0.001 seconds)
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1
CVE-2024-2057 – LangChain langchain_community TFIDFRetriever tfidf.py load_local server-side request forgery
https://notcve.org/view.php?id=CVE-2024-2057
A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. • https://github.com/bayuncao/vul-cve-16 https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl https://github.com/langchain-ai/langchain/pull/18695 https://vuldb.com/?ctiid.255372 https://vuldb.com/?id.255372 • CWE-918: Server-Side Request Forgery (SSRF) •