10 matches found
EUVD-2025-29045
Malicious code in bioql PyPI...
CVE-2025-9556
Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the gonja template parsing process. An attacker can access arbitrary files on the server by injecting malicious template statements into prompts. Allowing an attacker to insert a statement into a prompt to...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the gonja template parsing process. An attacker can access arbitrary files on the server by injecting malicious template statements into prompts. Allowing an attacker to insert a statement into a prompt to...
CVE-2025-9556
Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a...
CVE-2025-9556
Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a...
CVE-2025-9556
Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a...
CVE-2025-9556
Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a...
Langchaingo supports jinja2 and gonja for syntax parsing, allowing for arbitrary file read
Overview: LangChainGo, the Go implementation of LangChain, a large language model (LLM) application building framework, has been discovered to contain an arbitrary file read vulnerability. The vulnerability, tracked as CVE-2025-9556, allows for arbitrary file read through the Gonja template engine...
PT-2025-37319
Name of the Vulnerable Software and Affected Versions: langchaingo (affected versions not specified). Description: langchaingo utilizes the gonja library version 1.5.3 to parse prompts that support jinja2 syntax. The gonja library’s support for include and extend syntax, which allows reading files,...