Lucene search
K

9 matches found

Veracode
Veracode
added 2026/04/13 6:51 a.m.7 views

Prototype Pollution

LangSmith is vulnerable to Prototype Pollution. The vulnerability is due to an incomplete prototype pollution fix in its internally vendored lodash set utility, where the baseAssignValue function only guards against the proto key, but fails to prevent traversal via constructor.prototype, and...

9.8CVSS5.8AI score0.00313EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/10 8:18 p.m.17 views

EUVD-2026-21594

LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete proto Guard in Internal lodash set...

5.6CVSS5.8AI score0.00313EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/10 8:18 p.m.17 views

LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

GHSA-fw9q-39r9-c252: Prototype Pollution via Incomplete Lodash set Guard in langsmith-sdk Severity: Medium CVSS 5.6 Status: Fixed in 0.5.18 --- Summary The LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. T...

9.8CVSS5.8AI score0.00313EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/10 8:18 p.m.7 views

GHSA-FW9Q-39R9-C252 LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

GHSA-fw9q-39r9-c252: Prototype Pollution via Incomplete Lodash set Guard in langsmith-sdk Severity: Medium CVSS 5.6 Status: Fixed in 0.5.18 --- Summary The LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. T...

5.6CVSS5.8AI score0.00313EPSS
Exploits1References5
NVD
NVD
added 2026/04/10 8:16 p.m.10 views

CVE-2026-40190

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. The baseAssignValue function only guards against the...

9.8CVSS0.00313EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/10 7:47 p.m.26 views

CVE-2026-40190 LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. The baseAssignValue function only guards against the...

5.6CVSS0.00313EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/10 7:47 p.m.3 views

CVE-2026-40190 LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. The baseAssignValue function only guards against the...

5.6CVSS5.8AI score0.00313EPSS
Exploits1References1
CVE
CVE
added 2026/04/10 7:47 p.m.19 views

CVE-2026-40190

The CVE-2026-40190 issue affects LangSmith JavaScript/TypeScript SDK (langsmith) prior to 0.5.18, where an incomplete prototype pollution fix in the vendored lodash set() allows traversal via constructor.prototype, enabling an attacker who controls data keys processed by createAnonymizer() to pol...

9.8CVSS5.8AI score0.00313EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

LangSmith Client SDKs 安全漏洞

LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. Versions of LangSmith Client SDKs prior to 0.5.18 contained security vulnerabilities. These vulnerabilities stemmed from incomplete prototype pollution repairs in the lodash set utility provided internally within the LangSmi...

5.6CVSS5.8AI score0.00313EPSS
Exploits1References2
Rows per page
Query Builder