XML External Entity (XXE) Injection
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to XML External Entity XXE Injection through the XMLToolMessage class. An attacker can cause denial of service or access sensitive local files by submitting specially crafted XML...