pysec-2024-43
Vulnerability from pysec
Published
2024-03-04 00:15
Modified
2024-03-05 10:22
Details
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. Fixed in langchain 0.1.11 on PyPI.
Aliases
CVE-2024-28088
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "langchain", "purl": "pkg:pypi/langchain" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.1.11" } ], "type": "ECOSYSTEM" } ], "versions": [ "0.0.1", "0.0.10", "0.0.100", "0.0.101", "0.0.101rc0", "0.0.102", "0.0.102rc0", "0.0.103", "0.0.104", "0.0.105", "0.0.106", "0.0.107", "0.0.108", "0.0.109", "0.0.11", "0.0.110", "0.0.111", "0.0.112", "0.0.113", "0.0.114", "0.0.115", "0.0.116", "0.0.117", "0.0.118", "0.0.119", "0.0.12", "0.0.120", "0.0.121", "0.0.122", "0.0.123", "0.0.124", "0.0.125", "0.0.126", "0.0.127", "0.0.128", "0.0.129", "0.0.13", "0.0.130", "0.0.131", "0.0.132", "0.0.133", "0.0.134", "0.0.135", "0.0.136", "0.0.137", "0.0.138", "0.0.139", "0.0.14", "0.0.140", "0.0.141", "0.0.142", "0.0.143", "0.0.144", "0.0.145", "0.0.146", "0.0.147", "0.0.148", "0.0.149", "0.0.15", "0.0.150", "0.0.151", "0.0.152", "0.0.153", "0.0.154", "0.0.155", "0.0.156", "0.0.157", "0.0.158", "0.0.159", "0.0.16", "0.0.160", "0.0.161", "0.0.162", "0.0.163", "0.0.164", "0.0.165", "0.0.166", "0.0.167", "0.0.168", "0.0.169", "0.0.17", "0.0.170", "0.0.171", "0.0.172", "0.0.173", "0.0.174", "0.0.175", "0.0.176", "0.0.177", "0.0.178", "0.0.179", "0.0.18", "0.0.180", "0.0.181", "0.0.182", "0.0.183", "0.0.184", "0.0.185", "0.0.186", "0.0.187", "0.0.188", "0.0.189", "0.0.19", "0.0.190", "0.0.191", "0.0.192", "0.0.193", "0.0.194", "0.0.195", "0.0.196", "0.0.197", "0.0.198", "0.0.199", "0.0.2", "0.0.20", "0.0.200", "0.0.201", "0.0.202", "0.0.203", "0.0.204", "0.0.205", "0.0.206", "0.0.207", "0.0.208", "0.0.209", "0.0.21", "0.0.210", "0.0.211", "0.0.212", "0.0.213", "0.0.214", "0.0.215", "0.0.216", "0.0.217", "0.0.218", "0.0.219", "0.0.22", "0.0.220", "0.0.221", "0.0.222", "0.0.223", "0.0.224", "0.0.225", "0.0.226", "0.0.227", "0.0.228", "0.0.229", "0.0.23", "0.0.230", "0.0.231", "0.0.232", "0.0.233", "0.0.234", "0.0.235", "0.0.236", "0.0.237", "0.0.238", "0.0.239", "0.0.24", "0.0.240", "0.0.240rc0", "0.0.240rc1", 
"0.0.240rc4", "0.0.242", "0.0.243", "0.0.244", "0.0.245", "0.0.246", "0.0.247", "0.0.248", "0.0.249", "0.0.25", "0.0.250", "0.0.251", "0.0.252", "0.0.253", "0.0.254", "0.0.255", "0.0.256", "0.0.257", "0.0.258", "0.0.259", "0.0.26", "0.0.260", "0.0.261", "0.0.262", "0.0.263", "0.0.264", "0.0.265", "0.0.266", "0.0.267", "0.0.268", "0.0.269", "0.0.27", "0.0.270", "0.0.271", "0.0.272", "0.0.273", "0.0.274", "0.0.275", "0.0.276", "0.0.277", "0.0.278", "0.0.279", "0.0.28", "0.0.281", "0.0.283", "0.0.284", "0.0.285", "0.0.286", "0.0.287", "0.0.288", "0.0.289", "0.0.29", "0.0.290", "0.0.291", "0.0.292", "0.0.293", "0.0.294", "0.0.295", "0.0.296", "0.0.297", "0.0.298", "0.0.299", "0.0.3", "0.0.30", "0.0.300", "0.0.301", "0.0.302", "0.0.303", "0.0.304", "0.0.305", "0.0.306", "0.0.307", "0.0.308", "0.0.309", "0.0.31", "0.0.310", "0.0.311", "0.0.312", "0.0.313", "0.0.314", "0.0.315", "0.0.316", "0.0.317", "0.0.318", "0.0.319", "0.0.32", "0.0.320", "0.0.321", "0.0.322", "0.0.323", "0.0.324", "0.0.325", "0.0.326", "0.0.327", "0.0.329", "0.0.33", "0.0.330", "0.0.331", "0.0.331rc0", "0.0.331rc1", "0.0.331rc2", "0.0.331rc3", "0.0.332", "0.0.333", "0.0.334", "0.0.335", "0.0.336", "0.0.337", "0.0.338", "0.0.339", "0.0.339rc0", "0.0.339rc1", "0.0.339rc2", "0.0.339rc3", "0.0.34", "0.0.340", "0.0.341", "0.0.342", "0.0.343", "0.0.344", "0.0.345", "0.0.346", "0.0.347", "0.0.348", "0.0.349", "0.0.349rc1", "0.0.349rc2", "0.0.35", "0.0.350", "0.0.351", "0.0.352", "0.0.353", "0.0.354", "0.0.36", "0.0.37", "0.0.38", "0.0.39", "0.0.4", "0.0.40", "0.0.41", "0.0.42", "0.0.43", "0.0.44", "0.0.45", "0.0.46", "0.0.47", "0.0.48", "0.0.49", "0.0.5", "0.0.50", "0.0.51", "0.0.52", "0.0.53", "0.0.54", "0.0.55", "0.0.56", "0.0.57", "0.0.58", "0.0.59", "0.0.6", "0.0.60", "0.0.61", "0.0.63", "0.0.64", "0.0.65", "0.0.66", "0.0.67", "0.0.68", "0.0.69", "0.0.7", "0.0.70", "0.0.71", "0.0.72", "0.0.73", "0.0.74", "0.0.75", "0.0.76", "0.0.77", "0.0.78", "0.0.79", "0.0.8", "0.0.80", "0.0.81", "0.0.82", "0.0.83", 
"0.0.84", "0.0.85", "0.0.86", "0.0.87", "0.0.88", "0.0.89", "0.0.9", "0.0.90", "0.0.91", "0.0.92", "0.0.93", "0.0.94", "0.0.95", "0.0.96", "0.0.97", "0.0.98", "0.0.99", "0.0.99rc0", "0.1.0", "0.1.1", "0.1.10", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9" ] } ], "aliases": [ "CVE-2024-28088" ], "details": "LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.", "id": "PYSEC-2024-43", "modified": "2024-03-05T10:22:15.555734+00:00", "published": "2024-03-04T00:15:00+00:00", "references": [ { "type": "WEB", "url": "https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md" }, { "type": "WEB", "url": "https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py" } ] }
Sightings
Author | Source | Type | Date
---|---|---|---
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.