78 matches found
LangChain-Chatchat 竞争条件问题漏洞
LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of Langchain-Chatchat 0.3.1.3 and earlier contained a race condition vulnerability. This vulnerability stemmed from the operation of the files function in the...
CVE-2026-30617
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...
CVE-2026-30617
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...
CVE-2026-30617
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...
LangChain-Chatchat 安全漏洞
LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Version 0.3.1 of LangChain-Chatchat contains a security vulnerability. This vulnerability stems from improper configuration and execution of the MCP STDIO server, which may allow...
EUVD-2025-19477
Malicious code in bioql PyPI...
EUVD-2025-19478
Malicious code in bioql PyPI...
EUVD-2025-19479
Malicious code in bioql PyPI...
CVE-2025-6855
A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...
CVE-2025-6853
A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...
CVE-2025-6854
A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to...
Directory Traversal
Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Directory Traversal via the purpose parameter in the /v1/files endpoint. An...
Langchain-Chatchat vulnerable to path traversal
A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to...
Langchain-Chatchat vulnerable to path traversal
A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...
GHSA-F823-PHMG-X5FR Langchain-Chatchat vulnerable to path traversal
A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...
GHSA-8V8H-4PJX-RG73 Langchain-Chatchat vulnerable to path traversal
A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to...
Langchain-Chatchat has a Path Traversal vulnerability
A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...
GHSA-QMGV-J263-QR33 Langchain-Chatchat has a Path Traversal vulnerability
A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...
CVE-2025-6855
A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...
CVE-2025-6854
A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to...