Lucene search
GoogleOSV:CVE-2024-28088HistoryMar 04, 2024 - 12:15 a.m.
CVE-2024-28088
2024-03-0400:15:47
Google
osv.dev
3
langchain
directory traversal
load_chain call
github repository
api key
remote code execution
vulnerability
patch
software
AI Score
7.5
Confidence
High
LangChain through 0.1.10 allows …/ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
Related
cvelist
cvelist
CVE-2024-28088
2024-03-03 00:00:00
vulnrichment
vulnrichment
CVE-2024-28088
2024-03-03 00:00:00
osv
osv
LangChain directory traversal vulnerability
2024-03-04 00:30:53
PYSEC-2024-43
2024-03-04 00:15:00
PYSEC-2024-45
2024-03-04 00:15:00
prion
prion
Directory traversal
2024-03-04 00:15:00
nvd
nvd
CVE-2024-28088
2024-03-04 00:15:47
cve
cve
CVE-2024-28088
2024-03-04 00:15:47
github
github
LangChain directory traversal vulnerability
2024-03-04 00:30:53
veracode
veracode
Path Traversal
2024-03-04 11:56:24