CVE-2025-6985 XXE Vulnerability in langchain-ai/langchain

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity XXE attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSL...

langchain-text-splitters 代码问题漏洞

langchain-text-splitters is a Python package open-sourced by LangChain. A code issue vulnerability exists in langchain-text-splitters version 0.3.8, which stems from the HTMLSectionSplitter class allowing the use of arbitrary XSLT stylesheets, which could lead to an XML External Entity Attack,...