Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/23 7:45 a.m.7 views

CVE-2024-28088

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...

8.1CVSS8.4AI score0.0174EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2024/03/04 12:30 a.m.5 views

agent-actors (=0.1.0), agent-lab-sdk (>=0.1.7 <=0.1.16) +309 more potentially affected by CVE-2024-28088 via langchain (>=0.0.100 <=0.0.338)

langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.0, =0.1.5, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.5, =0.0.14, =0.0.18 and more Source cves: CVE-2024-28088 Source advisory: OSV:GHSA-H59X-P739-982C...

8.1CVSS7.4AI score0.0174EPSS
Exploits1
vulnersosv
vulnersosv
added 2024/03/04 12:15 a.m.5 views

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +400 more potentially affected by CVE-2024-28088 via langchain (>=0.0.100 <=0.1.10)

langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.0, =0.1.5, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.8 - airda =0.0.3 and more Source cves: CVE-2024-28088 Source advisory: OSV:PYSEC-2024-43...

8.1CVSS7.4AI score0.0174EPSS
Exploits1
cve
cve
added 2024/03/03 12:0 a.m.115 views

CVE-2024-28088

Summary: CVE-2024-28088 affects LangChain prior to 0.1.29. Through the load_chain call, an attacker who can control the final segment of the path can cause directory traversal ("....") and bypass loading configurations from the langchain-hub repo. This can lead to disclosure of secrets (e.g., API...

8.1CVSS7.4AI score0.0174EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder