XML External Entity (XXE) Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to XML External Entity XXE Injection through the XMLToolMessage class. An attacker can cause denial of service or access sensitive local files by submitting specially crafted XML...

Langroid 代码问题漏洞

Langroid is a Langroid open source tool for developing LLM using multi-agent programming. A code issue vulnerability exists in Langroid versions prior to 0.53.4 that stems from the XMLToolMessage class that may process untrusted XML input, which could result in a denial of service or disclosure o...