Lucene search
MitreCVELIST:CVE-2024-28088HistoryMar 03, 2024 - 12:00 a.m.
CVE-2024-28088
2024-03-0300:00:00
mitre
www.cve.org
1
langchain
directory traversal
disclosure
api key
remote code execution
patch
LangChain through 0.1.10 allows …/ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
Related
vulnrichment
vulnrichment
CVE-2024-28088
2024-03-03 00:00:00
osv
osv
CVE-2024-28088
2024-03-04 00:15:47
LangChain directory traversal vulnerability
2024-03-04 00:30:53
PYSEC-2024-43
2024-03-04 00:15:00
prion
prion
Directory traversal
2024-03-04 00:15:00
nvd
nvd
CVE-2024-28088
2024-03-04 00:15:47
cve
cve
CVE-2024-28088
2024-03-04 00:15:47
github
github
LangChain directory traversal vulnerability
2024-03-04 00:30:53
veracode
veracode
Path Traversal
2024-03-04 11:56:24