2 matches found
CVE-2025-6985
The CVE-2025-6985 entry concerns LangChain Text Splitters (langchain-text-splitters) v0.3.8, with an XML External Entity (XXE) risk due to unsafe XSLT parsing. The connected docs explain that arbitrary XSLT stylesheets are parsed using lxml.etree.parse() and lxml.etree.XSLT() without hardening, a...
PT-2025-29689
Name of the Vulnerable Software and Affected Versions langchain-text-splitters version 0.3.8 Description The HTMLSectionSplitter class is susceptible to XML External Entity XXE attacks because of unsafe XSLT parsing. The class permits the use of arbitrary XSLT stylesheets, which are parsed using...