漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Path Traversal in langchain-ai/langchain
Vulnerability Description
langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
LangChain 路径遍历漏洞
Vulnerability Description
LangChain是通过可组合性使用 LLM 构建应用程序。 LangChain 存在路径遍历漏洞,该漏洞源于容易受到路径遍历的攻击,攻击者可以利用此漏洞在文件系统上的任何位置读取或写入文件,可能导致信息泄露或远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A