LangChain through 0.1.10 allows …/ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
[
{
"cpes": [
"cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*"
],
"vendor": "langchain",
"product": "langchain",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "0.1.10"
}
],
"defaultStatus": "unknown"
}
]