Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LangChain 安全漏洞
Vulnerability Description
LangChain是通过可组合性使用 LLM 构建应用程序。 LangChain 0.1.10及之前版本存在安全漏洞,该漏洞源于加载配置文件时存在URI遍历漏洞。
CVSS Information
N/A
Vulnerability Type
N/A