Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain
Vulnerability Description
A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.
CVSS Information
N/A
Vulnerability Type
将系统数据暴露到未授权控制的范围
Vulnerability Title
LangChain 安全漏洞
Vulnerability Description
LangChain是LangChain开源的一个用于开发由大型语言模型 (LLM) 提供支持的应用程序的框架。 LangChain 0.1.17至0.1.53版本、0.2.0至0.2.43版本和0.3.0至0.3.15版本存在安全漏洞,该漏洞源于未授权用户可以从主机文件系统读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A