Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LangChain <= 0.3.1 MRKLOutputParser ReDoS
Vulnerability Description
LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
LangChain 安全漏洞
Vulnerability Description
LangChain是LangChain开源的一个用于开发由大型语言模型 (LLM) 提供支持的应用程序的框架。 LangChain 0.3.1及之前版本存在安全漏洞,该漏洞源于MRKLOutputParser.parse方法使用易受回溯攻击的正则表达式,可能导致正则表达式拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A