漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LangChain 安全漏洞
Vulnerability Description
LangChain是通过可组合性使用 LLM 构建应用程序。 LangChain 0.1.10及之前版本存在安全漏洞,该漏洞源于加载配置文件时存在URI遍历漏洞。
CVSS Information
N/A
Vulnerability Type
N/A