CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7774 – Path Traversal in langchain-ai/langchainjs
https://notcve.org/view.php?id=CVE-2024-7774
29 Oct 2024 — A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. • https://github.com/langchain-ai/langchainjs/commit/a0fad77d6b569e5872bd4a9d33be0c0785e538a9 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46946
https://notcve.org/view.php?id=CVE-2024-46946
19 Sep 2024 — langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05). • https://cwe.mitre.org/data/definitions/95.html • CWE-20: Improper Input Validation •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5998 – Deserialization of Untrusted Data in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-5998
17 Sep 2024 — A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product. • https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21513
https://notcve.org/view.php?id=CVE-2024-21513
15 Jul 2024 — Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if they can control the input prompt and the server is configured with VectorSQLDatabaseChain. **Notes:** Impact on the Confidentiality, Integrity and Availability of the vulnerable component: Confidentiality: Code execut... • https://github.com/langchain-ai/langchain/blob/672907bbbb7c38bf19787b78e4ffd7c8a9026fe4/libs/experimental/langchain_experimental/sql/vector_sql.py%23L81 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38459
https://notcve.org/view.php?id=CVE-2024-38459
16 Jun 2024 — langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444. langchain_experimental (también conocido como LangChain Experimental) anterior a 0.0.61 para LangChain proporciona acceso a Python REPL sin un paso de suscripción. NOTA; Este problema existe debido a una solución incompleta para CVE-2024-27444. • https://github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009 • CWE-276: Incorrect Default Permissions •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2965 – Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-2965
06 Jun 2024 — A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-community` package, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server ... • https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3095 – SSRF in Langchain Web Research Retriever in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-3095
06 Jun 2024 — A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to ab... • https://github.com/leoCottret/CVE-2024-30956 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3571 – Path Traversal in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-3571
16 Apr 2024 — langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequence... • https://github.com/langchain-ai/langchain/commit/aad3d8bd47d7f5598156ff2bdcc8f736f24a7412 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1455 – Billion Laughs Attack leading to DoS in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-1455
26 Mar 2024 — A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS). XMLOutputParser en LangChain utiliza el módulo etree del analizador XML en la biblioteca estándar de Python que tiene algunas vulnerabilidades XML; consulte: https://docs.python.org/3/... • https://github.com/langchain-ai/langchain/commit/727d5023ce88e18e3074ef620a98137d26ff92a3 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28088
https://notcve.org/view.php?id=CVE-2024-28088
03 Mar 2024 — LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.) LangChain hasta 0.1.10 permite el Directory Traversal ../ por parte... • https://github.com/levpachmanov/cve-2024-28088-poc • CWE-31: Path Traversal: 'dir\..\..\filename' •