Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain
Vulnerability Description
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.
CVSS Information
N/A
Vulnerability Type
未经控制的递归
Vulnerability Title
LangChain 资源管理错误漏洞
Vulnerability Description
LangChain是通过可组合性使用 LLM 构建应用程序。 LangChain 存在资源管理错误漏洞,该漏洞源于负责解析站点地图和提取 URL 的 parse_sitemap 方法缺少一种机制来防止站点地图 URL 引用当前站点地图本身时出现无限递归。
CVSS Information
N/A
Vulnerability Type
N/A