14 matches found
CVE-2024-7774
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
@langchain/community SQL Injection vulnerability
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service DoS by deleting all...
Langchain Path Traversal vulnerability
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
CVE-2024-7774
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
CVE-2024-7042
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service DoS by deleting all...
PYSEC-2024-111
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
PYSEC-2024-111
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
PYSEC-2024-114
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service DoS by deleting all...
CVE-2024-7042 Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service DoS by deleting all...
CVE-2024-7774 Path Traversal in langchain-ai/langchainjs
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
CVE-2024-7774 Path Traversal in langchain-ai/langchainjs
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
CVE-2024-7774
CVE-2024-7774 describes a path traversal in langchain-ai/langchainjs v0.2.5. The getFullPath path handling is vulnerable, allowing an attacker to save files anywhere, overwrite text files, read .txt files, and delete files via unsanitized input in getFullPath and related calls (setFileContent, ge...
PT-2024-38570 · Langchain Ai · Langchainjs
Name of the Vulnerable Software and Affected Versions: langchain-ai/langchainjs version 0.2.5 Description: A path traversal issue exists in the getFullPath method, allowing attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The...
PT-2024-38042 · Langchain Ai · Langchainjs
Name of the Vulnerable Software and Affected Versions: langchain-ai/langchainjs versions 0.2.5 and later Description: The issue allows for prompt injection, leading to SQL injection, which can result in unauthorized data manipulation, data exfiltration, denial of service DoS by deleting all data,...