Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal in langchain-ai/langchain
Vulnerability Description
langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
LangChain 路径遍历漏洞
Vulnerability Description
LangChain是通过可组合性使用 LLM 构建应用程序。 LangChain 存在路径遍历漏洞,该漏洞源于容易受到路径遍历的攻击,攻击者可以利用此漏洞在文件系统上的任何位置读取或写入文件,可能导致信息泄露或远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A