Lucene search
GoogleOSV:CVE-2024-5998HistorySep 17, 2024 - 12:15 p.m.
CVE-2024-5998
2024-09-1712:15:02
Google
osv.dev
vulnerability
langchain
pickle deserialization
arbitrary command execution
latest version
software
CVSS3
5.2
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product.
Related
nvd
nvd
CVE-2024-5998
2024-09-17 12:15:02
github
github
LangChain pickle deserialization of untrusted data
2024-09-17 12:30:32
cvelist
cvelist
CVE-2024-5998 Deserialization of Untrusted Data in langchain-ai/langchain
2024-09-17 11:50:13
cve
cve
CVE-2024-5998
2024-09-17 12:15:02
osv
osv
LangChain pickle deserialization of untrusted data
2024-09-17 12:30:32
vulnrichment
vulnrichment
CVE-2024-5998 Deserialization of Untrusted Data in langchain-ai/langchain
2024-09-17 11:50:13
CVSS3
5.2
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Related for OSV:CVE-2024-5998