
5 matches found

GitHub Security Blog
added 2026/02/25 10:59 p.m. · 8 views

LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

Summary: A redirect-based Server-Side Request Forgery (SSRF) bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metada...

CVSS 7.4 · AI score 5.6 · EPSS 0.00371
Exploits: 0 · References: 9 · Affected Software: 1

OSV
added 2024/02/26 4:27 p.m. · 14 views

CVE-2024-0243

With the following crawler configuration:

    from bs4 import BeautifulSoup as Soup

    url = "https://example.com"
    loader = RecursiveUrlLoader(url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text)
    docs = loader.load()

An attacker in control of the contents of https://example.com could...

CVSS 8.1 · AI score 6.9
Exploits: 0 · References: 3

PyPA
added 2024/02/26 4:27 p.m. · 4 views

PYSEC-2024-235

With the following crawler configuration:

    from bs4 import BeautifulSoup as Soup

    url = "https://example.com"
    loader = RecursiveUrlLoader(url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text)
    docs = loader.load()

An attacker in control of the contents of https://example.com could place ...

CVSS 8.1 · AI score 6.7 · EPSS 0.00517
Exploits: 1 · References: 6 · Affected Software: 1

Cvelist
added 2024/02/24 5:59 p.m. · 18 views

CVE-2024-0243 Server-side Request Forgery In Recursive URL Loader

With the following crawler configuration:

    from bs4 import BeautifulSoup as Soup

    url = "https://example.com"
    loader = RecursiveUrlLoader(url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text)
    docs = loader.load()

An attacker in control of the contents of https://example.com could...

CVSS 3.7 · AI score 4.3 · EPSS 0.00517
Exploits: 1 · References: 3

Positive Technologies
added 2024/02/24 12:0 a.m. · 3 views

PT-2024-15407 · Langchain Ai · Langchain

Name of the Vulnerable Software and Affected Versions: langchain versions prior to the version that includes the fix from https://github.com/langchain-ai/langchain/pull/15559

Description: The issue arises when an attacker controls the contents of a website, such as https://example.com, and places...

CVSS 8.1 · AI score 4.5 · EPSS 0.00517
Exploits: 1 · References: 11