Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Billion Laughs Attack leading to DoS in langchain-ai/langchain
Vulnerability Description
A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS).
CVSS Information
N/A
Vulnerability Type
DTD中递归实体索引的不恰当限制(XML实体扩展)
Vulnerability Title
LangChain 安全漏洞
Vulnerability Description
LangChain是通过可组合性使用 LLM 构建应用程序。 LangChain 存在安全漏洞,该漏洞源于允许攻击者通过 LLM 为解析器生成恶意载荷,从而损害服务的可用性。
CVSS Information
N/A
Vulnerability Type
N/A