Lucene search
+L

7 matches found

Vulnrichment
Vulnrichment
added 2024/10/29 12:50 p.m.18 views

CVE-2024-8309 SQL Injection in langchain-ai/langchain

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service DoS by deleting all data, breaches in multi-tenant securit...

4.9CVSS8.5AI score0.13803EPSS
Exploits2References2
NVD
NVD
added 2024/09/17 12:15 p.m.43 views

CVE-2024-5998

A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product...

7.8CVSS0.00358EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/17 11:50 a.m.15 views

CVE-2024-5998 Deserialization of Untrusted Data in langchain-ai/langchain

A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product...

5.2CVSS7.4AI score0.00358EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.63 views

Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

4.7CVSS4.3AI score0.00301EPSS
Exploits1References7Affected Software2
CVE
CVE
added 2024/06/06 6:52 p.m.88 views

CVE-2024-2965

CVE-2024-2965 affects the LangChain SitemapLoader in langchain-ai/langchain. The parse_sitemap function lacks a guard against self-referential sitemap recursion, enabling an infinite recursion loop that can exhaust server resources and crash the Python process. Multiple trusted sources (NVD, Red ...

4.7CVSS4.3AI score0.00301EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/06 6:28 p.m.18 views

CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain

A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This...

4.8CVSS7.5AI score0.00691EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/03/26 2:3 p.m.39 views

CVE-2024-1455 Billion Laughs Attack leading to DoS in langchain-ai/langchain

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity XXE exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading t...

5.9CVSS5.9AI score0.0077EPSS
Exploits1References2
Rows per page
Query Builder