6 matches found
CVE-2025-6985 vulnerabilities
Vulnerabilities for packages: py3-langchain-text-splitters, open-webui...
CVE-2025-6985 vulnerabilities
Vulnerabilities for packages: py3-langchain-text-splitters, open-webui...
CVE-2025-6985
No description is available for this CVE. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability...
CVE-2025-6985
The CVE-2025-6985 entry concerns LangChain Text Splitters (langchain-text-splitters) v0.3.8, with an XML External Entity (XXE) risk due to unsafe XSLT parsing. The connected docs explain that arbitrary XSLT stylesheets are parsed using lxml.etree.parse() and lxml.etree.XSLT() without hardening, a...
a2a-client-handler (=0.1.0), aa-rag (>=0.1.0 <=0.4.3) +1316 more potentially affected by CVE-2025-6985 via langchain-text-splitters (>=0.0.1 <=0.3.8)
langchain-text-splitters PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.1.0, =0.1.0, =1.0.0rc1, =3.2.0, =0.1.0, =0.1.3 and more Source cves: CVE-2025-6985 Source advisory: SNYK:PYTHON-LANGCHAINTEXTSPLITTERS-12704815...
PT-2025-29689
Name of the Vulnerable Software and Affected Versions langchain-text-splitters version 0.3.8 Description The HTMLSectionSplitter class is susceptible to XML External Entity XXE attacks because of unsafe XSLT parsing. The class permits the use of arbitrary XSLT stylesheets, which are parsed using...