5 matches found
CVE-2025-6984
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which...
CVE-2025-6984 Sensitive Information Disclosure Due to Insecure XML Parsing in langchain-ai/langchain
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which...
CVE-2025-6984 Sensitive Information Disclosure Due to Insecure XML Parsing in langchain-ai/langchain
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which...
LangChain Information Disclosure Vulnerability
LangChain is an open source framework for developing applications powered by large language models (LLMs). An information disclosure vulnerability exists in LangChain version 0.3.63, which stems from insecure XML parsing and could lead to the disclosure of sensitive information...
PT-2025-35896
Name of the Vulnerable Software and Affected Versions: langchain-ai/langchain version 0.3.63. Description: The EverNoteLoader component is susceptible to XML External Entity (XXE) attacks due to insecure XML parsing. This issue stems from the use of etree.iterparse without disabling external entity...