Lucene search
GoogleOSV:GHSA-F2JM-RW3H-6PHGHistorySep 17, 2024 - 12:30 p.m.
LangChain pickle deserialization of untrusted data
2024-09-1712:30:32
Google
osv.dev
1
vulnerability
langchain
pickle
deserialization
untrusted data
faiss
execution
arbitrary commands
os.system
version
CVSS3
5.2
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4.
Related
nvd
nvd
CVE-2024-5998
2024-09-17 12:15:02
cvelist
cvelist
CVE-2024-5998 Deserialization of Untrusted Data in langchain-ai/langchain
2024-09-17 11:50:13
cve
cve
CVE-2024-5998
2024-09-17 12:15:02
github
github
LangChain pickle deserialization of untrusted data
2024-09-17 12:30:32
osv
osv
CVE-2024-5998
2024-09-17 12:15:02
vulnrichment
vulnrichment
CVE-2024-5998 Deserialization of Untrusted Data in langchain-ai/langchain
2024-09-17 11:50:13
CVSS3
5.2
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Related for OSV:GHSA-F2JM-RW3H-6PHG