6 matches found
CVE-2024-0243
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +379 more potentially affected by CVE-2024-0243 via langchain (>=0.0.100 <=0.0.96)
langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.0, =0.1.5, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.8.0, =0.8.5 and more Source cves: CVE-2024-0243 Source advisory: OSV:GHSA-H9J7-5XVC-QHG5...
genai-agents (>=0.1.0 <=0.1.3), openagi (>=0.1.0b0 <=0.1.0b4) potentially affected by CVE-2024-0243 via langchain-exa (=0.0.1)
langchain-exa PYPI version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on langchain-exa and may be impacted: - genai-agents =0.1.0, =0.1.0b0, =0.1.0b4 Source cves: CVE-2024-0243 Source advisory: OSV:PYSEC-2024-235...
CVE-2024-0243
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
CVE-2024-0243 Server-side Request Forgery In Recursive URL Loader
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
CVE-2024-0243
LangChain’s CVE-2024-0243 describes an SSRF in the RecursiveUrlLoader used by LangChain, where an attacker controlling the content at a base URL (e.g., https://example.com) can inject links that cause the crawler to fetch external URLs despite prevent_outside being set. The issue is fixed in the ...