Lucene search
6 matches found

Snyk
added 2026/01/12 11:55 p.m., 6 views

Regular Expression Denial of Service (ReDoS)

Overview: langchain-classic is a Building applications with LLMs through composability. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the parse function in the MRKLOutputParser class. An attacker can cause excessive CPU consumption and significan...

8.7 CVSS, 5.7 AI score, 0.00108 EPSS
Exploits: 1, References: 2
OSV
added 2026/01/12 11:15 p.m., 1 views

CVE-2024-58340

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse method (libs/langchain/langchain/agents/mrkl/outputparser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from...

7.5 CVSS, 5.6 AI score
Exploits: 0, References: 4
Vulnrichment
added 2026/01/12 11:5 p.m., 1 views

CVE-2024-58340 LangChain <= 0.3.1 MRKLOutputParser ReDoS

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse method (libs/langchain/langchain/agents/mrkl/outputparser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from...

8.7 CVSS, 6.7 AI score, 0.00108 EPSS
Exploits: 1, References: 4
CVE
added 2026/01/12 11:5 p.m., 16 views

CVE-2024-58340

LangChain

8.7 CVSS, 6.7 AI score, 0.00108 EPSS
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2026/01/12 12:0 a.m., 2 views

LangChain security vulnerability

LangChain is an open source framework for developing applications powered by large language models (LLMs). A security vulnerability exists in LangChain 0.3.1 and earlier versions, which stems from the MRKLOutputParser.parse method using a regular expression that is vulnerable to...

8.7 CVSS, 6 AI score, 0.00108 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2026/01/12 12:0 a.m., 1 views

PT-2026-2319

Name of the Vulnerable Software and Affected Versions: LangChain versions up to and including 0.3.1. Description: LangChain versions up to and including 0.3.1 have a regular expression denial-of-service (ReDoS) issue in the MRKLOutputParser.parse method, located in...

8.7 CVSS, 6.6 AI score, 0.00108 EPSS
Exploits: 1, References: 7