Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
Vulnerability Description
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 2.1.2 and below, the JsonPlusSerializer (used as the default serialization protocol for all checkpointing) contains a Remote Code Execution (RCE) vulnerability when deserializing payloads saved in the "json" serialization mode. By default, the serializer attempts to use "msgpack" for serialization. However, prior to version 3.0 of the checkpointer library, if illegal Unicode surrogate values caused serialization to fail, it would fall back to using the "json" mode. This issue is fixed in version 3.0.0.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
langgraph 代码问题漏洞
Vulnerability Description
langgraph是LangChain开源的一个大模型框架。 langgraph 2.1.2及以下版本存在代码问题漏洞,该漏洞源于JsonPlusSerializer在反序列化json模式保存的有效载荷时存在远程代码执行漏洞。
CVSS Information
N/A
Vulnerability Type
N/A