4 matches found
LangChain < 0.2.9 Vulnerability - CVE-2024-5998
The version of LangChain installed on the remote host is prior to 0.2.9. It is, therefore, affected by a deserialization vulnerability in the FAISS.deserializefrombytes function. This can lead to the execution of arbitrary commands via the os.system function. Note that Nessus has not tested for...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +346 more potentially affected by CVE-2024-5998 via langchain-community (>=0.0.1 <=0.2.1)
langchain-community PYPI version =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.0.18, =0.2.0, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.19.0, =0.30.0 and more Source cves: CVE-2024-5998 Source advisory: SNYK:PYTHON-LANGCHAINCOMMUNITY-11356595...
CVE-2024-5998 Deserialization of Untrusted Data in langchain-ai/langchain
A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product...
CVE-2024-5998 Deserialization of Untrusted Data in langchain-ai/langchain
A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product...