PYSEC-2024-114
Vulnerability from pysec - Published: 2024-10-29 13:15 - Updated: 2024-11-04 19:21
VLAI?
Details
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
Severity ?
9.8 (Critical)
Impacted products
| Name | purl | langchain | pkg:pypi/langchain |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "langchain",
"purl": "pkg:pypi/langchain"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6"
}
],
"repo": "https://github.com/langchain-ai/langchainjs",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0.1",
"0.0.10",
"0.0.100",
"0.0.101",
"0.0.101rc0",
"0.0.102",
"0.0.102rc0",
"0.0.103",
"0.0.104",
"0.0.105",
"0.0.106",
"0.0.107",
"0.0.108",
"0.0.109",
"0.0.11",
"0.0.110",
"0.0.111",
"0.0.112",
"0.0.113",
"0.0.114",
"0.0.115",
"0.0.116",
"0.0.117",
"0.0.118",
"0.0.119",
"0.0.12",
"0.0.120",
"0.0.121",
"0.0.122",
"0.0.123",
"0.0.124",
"0.0.125",
"0.0.126",
"0.0.127",
"0.0.128",
"0.0.129",
"0.0.13",
"0.0.130",
"0.0.131",
"0.0.132",
"0.0.133",
"0.0.134",
"0.0.135",
"0.0.136",
"0.0.137",
"0.0.138",
"0.0.139",
"0.0.14",
"0.0.140",
"0.0.141",
"0.0.142",
"0.0.143",
"0.0.144",
"0.0.145",
"0.0.146",
"0.0.147",
"0.0.148",
"0.0.149",
"0.0.15",
"0.0.150",
"0.0.151",
"0.0.152",
"0.0.153",
"0.0.154",
"0.0.155",
"0.0.156",
"0.0.157",
"0.0.158",
"0.0.159",
"0.0.16",
"0.0.160",
"0.0.161",
"0.0.162",
"0.0.163",
"0.0.164",
"0.0.165",
"0.0.166",
"0.0.167",
"0.0.168",
"0.0.169",
"0.0.17",
"0.0.170",
"0.0.171",
"0.0.172",
"0.0.173",
"0.0.174",
"0.0.175",
"0.0.176",
"0.0.177",
"0.0.178",
"0.0.179",
"0.0.18",
"0.0.180",
"0.0.181",
"0.0.182",
"0.0.183",
"0.0.184",
"0.0.185",
"0.0.186",
"0.0.187",
"0.0.188",
"0.0.189",
"0.0.19",
"0.0.190",
"0.0.191",
"0.0.192",
"0.0.193",
"0.0.194",
"0.0.195",
"0.0.196",
"0.0.197",
"0.0.198",
"0.0.199",
"0.0.2",
"0.0.20",
"0.0.200",
"0.0.201",
"0.0.202",
"0.0.203",
"0.0.204",
"0.0.205",
"0.0.206",
"0.0.207",
"0.0.208",
"0.0.209",
"0.0.21",
"0.0.210",
"0.0.211",
"0.0.212",
"0.0.213",
"0.0.214",
"0.0.215",
"0.0.216",
"0.0.217",
"0.0.218",
"0.0.219",
"0.0.22",
"0.0.220",
"0.0.221",
"0.0.222",
"0.0.223",
"0.0.224",
"0.0.225",
"0.0.226",
"0.0.227",
"0.0.228",
"0.0.229",
"0.0.23",
"0.0.230",
"0.0.231",
"0.0.232",
"0.0.233",
"0.0.234",
"0.0.235",
"0.0.236",
"0.0.237",
"0.0.238",
"0.0.239",
"0.0.24",
"0.0.240",
"0.0.240rc0",
"0.0.240rc1",
"0.0.240rc4",
"0.0.242",
"0.0.243",
"0.0.244",
"0.0.245",
"0.0.246",
"0.0.247",
"0.0.248",
"0.0.249",
"0.0.25",
"0.0.250",
"0.0.251",
"0.0.252",
"0.0.253",
"0.0.254",
"0.0.255",
"0.0.256",
"0.0.257",
"0.0.258",
"0.0.259",
"0.0.26",
"0.0.260",
"0.0.261",
"0.0.262",
"0.0.263",
"0.0.264",
"0.0.265",
"0.0.266",
"0.0.267",
"0.0.268",
"0.0.269",
"0.0.27",
"0.0.270",
"0.0.271",
"0.0.272",
"0.0.273",
"0.0.274",
"0.0.275",
"0.0.276",
"0.0.277",
"0.0.278",
"0.0.279",
"0.0.28",
"0.0.281",
"0.0.283",
"0.0.284",
"0.0.285",
"0.0.286",
"0.0.287",
"0.0.288",
"0.0.289",
"0.0.29",
"0.0.290",
"0.0.291",
"0.0.292",
"0.0.293",
"0.0.294",
"0.0.295",
"0.0.296",
"0.0.297",
"0.0.298",
"0.0.299",
"0.0.3",
"0.0.30",
"0.0.300",
"0.0.301",
"0.0.302",
"0.0.303",
"0.0.304",
"0.0.305",
"0.0.306",
"0.0.307",
"0.0.308",
"0.0.309",
"0.0.31",
"0.0.310",
"0.0.311",
"0.0.312",
"0.0.313",
"0.0.314",
"0.0.315",
"0.0.316",
"0.0.317",
"0.0.318",
"0.0.319",
"0.0.32",
"0.0.320",
"0.0.321",
"0.0.322",
"0.0.323",
"0.0.324",
"0.0.325",
"0.0.326",
"0.0.327",
"0.0.329",
"0.0.33",
"0.0.330",
"0.0.331",
"0.0.331rc0",
"0.0.331rc1",
"0.0.331rc2",
"0.0.331rc3",
"0.0.332",
"0.0.333",
"0.0.334",
"0.0.335",
"0.0.336",
"0.0.337",
"0.0.338",
"0.0.339",
"0.0.339rc0",
"0.0.339rc1",
"0.0.339rc2",
"0.0.339rc3",
"0.0.34",
"0.0.340",
"0.0.341",
"0.0.342",
"0.0.343",
"0.0.344",
"0.0.345",
"0.0.346",
"0.0.347",
"0.0.348",
"0.0.349",
"0.0.349rc1",
"0.0.349rc2",
"0.0.35",
"0.0.350",
"0.0.351",
"0.0.352",
"0.0.353",
"0.0.354",
"0.0.36",
"0.0.37",
"0.0.38",
"0.0.39",
"0.0.4",
"0.0.40",
"0.0.41",
"0.0.42",
"0.0.43",
"0.0.44",
"0.0.45",
"0.0.46",
"0.0.47",
"0.0.48",
"0.0.49",
"0.0.5",
"0.0.50",
"0.0.51",
"0.0.52",
"0.0.53",
"0.0.54",
"0.0.55",
"0.0.56",
"0.0.57",
"0.0.58",
"0.0.59",
"0.0.6",
"0.0.60",
"0.0.61",
"0.0.63",
"0.0.64",
"0.0.65",
"0.0.66",
"0.0.67",
"0.0.68",
"0.0.69",
"0.0.7",
"0.0.70",
"0.0.71",
"0.0.72",
"0.0.73",
"0.0.74",
"0.0.75",
"0.0.76",
"0.0.77",
"0.0.78",
"0.0.79",
"0.0.8",
"0.0.80",
"0.0.81",
"0.0.82",
"0.0.83",
"0.0.84",
"0.0.85",
"0.0.86",
"0.0.87",
"0.0.88",
"0.0.89",
"0.0.9",
"0.0.90",
"0.0.91",
"0.0.92",
"0.0.93",
"0.0.94",
"0.0.95",
"0.0.96",
"0.0.97",
"0.0.98",
"0.0.99",
"0.0.99rc0",
"0.1.0",
"0.1.1",
"0.1.10",
"0.1.11",
"0.1.12",
"0.1.13",
"0.1.14",
"0.1.15",
"0.1.16",
"0.1.17",
"0.1.17rc1",
"0.1.19",
"0.1.2",
"0.1.20",
"0.1.3",
"0.1.4",
"0.1.5",
"0.1.6",
"0.1.7",
"0.1.8",
"0.1.9",
"0.2.0",
"0.2.0rc1",
"0.2.0rc2",
"0.2.1",
"0.2.10",
"0.2.11",
"0.2.12",
"0.2.13",
"0.2.14",
"0.2.15",
"0.2.16",
"0.2.2",
"0.2.3",
"0.2.4",
"0.2.5",
"0.2.6",
"0.2.7",
"0.2.8",
"0.2.9",
"0.3.0",
"0.3.0.dev1",
"0.3.0.dev2",
"0.2.17"
]
}
],
"aliases": [
"CVE-2024-7042"
],
"details": "A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.",
"id": "PYSEC-2024-114",
"modified": "2024-11-04T19:21:44.923698Z",
"published": "2024-10-29T13:15:00Z",
"references": [
{
"type": "EVIDENCE",
"url": "https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d"
},
{
"type": "FIX",
"url": "https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"withdrawn": "2025-06-07T18:43:00Z"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…