Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the code-execution issue was introduced by user-written code that does not adhere to the LangChain security practices.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LangChain 安全漏洞
Vulnerability Description
LangChain是LangChain开源的一个用于开发由大型语言模型 (LLM) 提供支持的应用程序的框架。 LangChain v0.3.51版本存在安全漏洞,该漏洞源于GmailToolkit组件存在间接提示注入,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A