1884 matches found
Path Traversal
langchain is vulnerable to Path Traversal. This vulnerability is due to a flaw in the loadchain function, allowing an actor to control the final part of the path parameter. This bypasses the intended behavior of loading configurations solely from a specific GitHub repository. The consequence coul...
LangChain directory traversal vulnerability
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
CVE-2024-28088
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
CVE-2024-28088
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
PYSEC-2024-45
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
PYSEC-2024-43
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
openSUSE: Security Advisory for python (openSUSE-SU-2023:0334-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for python (openSUSE-SU-2023:0279-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-28088
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
CVE-2024-28088
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
PT-2024-22256 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: LangChain versions 0.1.10 and earlier Description: The issue allows an actor who can control the final part of the path parameter in a load chain call to perform ../ directory traversal. This bypasses the intended behavior of loading...
CVE-2024-25635
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
Design/Logic Flaw
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
CVE-2024-25635
CVE-2024-25635 affects alf.io prior to 2.0-Mr-2402, where an IDOR flaw in the /admin/api/users/ endpoint allows organization owners to view other org owners’ API KEYs and USERS. Root cause: improper access control on user data exposure; consequence is potential leakage of API credentials and sens...
CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
Mozilla: paypal client_id And stripe api key indexed on web archive
The paypal clientid and stripe API key have been indexed on the web archive, exposing sensitive data...
PT-2024-21055 · Alf.Io · Alf.Io
Name of the Vulnerable Software and Affected Versions: alf.io versions prior to 2.0-Mr-2402 Description: The issue allows organization owners to view the generated API KEY and USERS of other organization owners. This is achieved through the "http://192.168.26.128:8080/admin/api/users/" endpoint,...
CVE-2023-6959
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptchaapikeymanage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level acce...