Lucene search
+L

5 matches found

Github Security Blog
Github Security Blog
added 2024/10/29 3:32 p.m.49 views

@langchain/community SQL Injection vulnerability

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service DoS by deleting all...

9.8CVSS8.1AI score0.0031EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/10/29 12:50 p.m.38 views

CVE-2024-7042 Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service DoS by deleting all...

4.9CVSS0.0031EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/29 12:49 p.m.15 views

CVE-2024-7774 Path Traversal in langchain-ai/langchainjs

A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...

6.5CVSS7AI score0.00545EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/29 12:49 p.m.36 views

CVE-2024-7774 Path Traversal in langchain-ai/langchainjs

A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...

6.5CVSS0.00545EPSS
Exploits1References2
OSV
OSV
added 2024/10/29 12:49 p.m.17 views

CVE-2024-7774 Path Traversal in langchain-ai/langchainjs

A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...

6.5CVSS6.6AI score0.00545EPSS
Exploits1References4
Rows per page
Query Builder