Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading
Vulnerability Description
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded. No known patch is public.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
langgraph 代码问题漏洞
Vulnerability Description
langgraph是LangChain开源的一个大模型框架。 langgraph 1.0.9及之前版本存在代码问题漏洞,该漏洞源于反序列化过程中可能重建Python对象,可能导致不安全的对象重建。
CVSS Information
N/A
Vulnerability Type
N/A