PYSEC-2024-43

🗓️ 04 Mar 2024 00:00:15Reported by GoogleType

osv🔗 osv.dev👁 20 Views

LangChain 0.1.10 directory traversal vulnerability allows unauthorized access to API key and remote code executio

Reporter	Title	Published	Views	Family All 10
OSV	CVE-2024-28088	4 Mar 202400:15	–	osv
OSV	LangChain directory traversal vulnerability	4 Mar 202400:30	–	osv
OSV	PYSEC-2024-45	4 Mar 202400:15	–	osv
CVE	CVE-2024-28088	4 Mar 202400:15	–	cve
NVD	CVE-2024-28088	4 Mar 202400:15	–	nvd
Prion	Directory traversal	4 Mar 202400:15	–	prion
Github Security Blog	LangChain directory traversal vulnerability	4 Mar 202400:30	–	github
Cvelist	CVE-2024-28088	3 Mar 202400:00	–	cvelist
Vulnrichment	CVE-2024-28088	3 Mar 202400:00	–	vulnrichment
Veracode	Path Traversal	4 Mar 202411:56	–	veracode

Source	Link
github	www.github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
github	www.github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Mar 2024 00:15Current

7.9High risk

Vulners AI Score7.9

EPSS0.12333