5 matches found
XML External Entity (XXE)
langchain-core is vulnerable to XML External Entity (XXE). The vulnerability is due to the usage of the etree module from the XML parser within the XMLOutputParser component of LangChain, allowing attackers to inject malicious input into the XMLOutputParser...
GHSA-Q84M-RMW3-4382 LangChain's XMLOutputParser vulnerable to XML Entity Expansion
The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard Python library, which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html. This primarily affects users that combine an LLM or agent with the XMLOutputParser and expose the component...
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard Python library, which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html. This primarily affects users that combine an LLM or agent with the XMLOutputParser and expose the component...
CVE-2024-1455
CVE-2024-1455 concerns a Billion Laughs Attack (XML External Entity) affecting the langchain-ai/langchain repository. Connected sources indicate the vulnerability centers on the XMLOutputParser using the standard Python etree XML parser, enabling an attacker to nest entities in XML to exhaust CPU...
PT-2024-18059 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: LangChain affected versions not specified
Description: The issue concerns the XMLOutputParser in LangChain, which utilizes the etree module from the XML parser in the standard Python library. This library has some XML vulnerabilities, making ...