2 matches found
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +515 more potentially affected by CVE-2024-3095 via langchain-community (>=0.0.1 <=0.2.7)
langchain-community PYPI version =0.0.1, =0.1.0, =0.0.2, =0.0.1, =0.1.0, =0.0.1, =0.0.18, =0.2.0, =0.0.1, =0.0.2, =0.0.1, =0.0.4a1 - aicat-annotator =0.0.1 and more Source cves: CVE-2024-3095 Source advisory: OSV:GHSA-Q25C-C977-4CMH...
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain
A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This...