Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deserialization of Untrusted Data in langchain-ai/langchain
Vulnerability Description
A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
LangChain 代码问题漏洞
Vulnerability Description
LangChain是LangChain开源的一个本地托管聊天机器人的实现,专门致力于通过LangChain文档回答问题。 LangChain存在代码问题漏洞,该漏洞源于FAISS.deserialize_from_bytes函数对不可信数据的pickle反序列化处理,这可能导致通过os.system函数执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A