Lucene search

@huntr_aiVULNRICHMENT:CVE-2024-5998

HistorySep 17, 2024 - 11:50 a.m.

CVE-2024-5998 Deserialization of Untrusted Data in langchain-ai/langchain

2024-09-1711:50:13

CWE-502

@huntr_ai

github.com

cve-2024-5998

untrusted data

faiss.deserialize_from_bytes

langchain-ai/langchain

arbitrary commands

os.system

latest version

CVSS3

5.2

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

AI Score

7.4

Confidence

High

EPSS

Percentile

9.6%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*"
    ],
    "vendor": "langchain",
    "product": "langchain",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "0.2.9",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7

huntr.com/bounties/fa3a2753-57c3-4e08-a176-d7a3ffda28fe