CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
EPSS
Percentile
9.6%
A vulnerability in the FAISS.deserialize_from_bytes
function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system
function. The issue affects versions prior to 0.2.4.
Vendor | Product | Version | CPE |
---|---|---|---|
langchain | langchain-experimental | * | cpe:2.3:a:langchain:langchain-experimental:*:*:*:*:*:*:*:* |