Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
Vulnerability Description
LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.
CVSS Information
N/A
Vulnerability Type
CWE-1336
Vulnerability Title
LangChain 安全漏洞
Vulnerability Description
LangChain是LangChain开源的一个用于开发由大型语言模型 (LLM) 提供支持的应用程序的框架。 LangChain 0.3.79及之前版本和1.0.0版本至1.0.6版本存在安全漏洞,该漏洞源于模板注入,可能导致访问Python对象内部。
CVSS Information
N/A
Vulnerability Type
N/A