pysec-2024-43
Vulnerability from pysec
Published
2024-03-04 00:15
Modified
2024-03-05 10:22
Details

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.

Aliases



{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "langchain",
        "purl": "pkg:pypi/langchain"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.1",
        "0.0.10",
        "0.0.100",
        "0.0.101",
        "0.0.101rc0",
        "0.0.102",
        "0.0.102rc0",
        "0.0.103",
        "0.0.104",
        "0.0.105",
        "0.0.106",
        "0.0.107",
        "0.0.108",
        "0.0.109",
        "0.0.11",
        "0.0.110",
        "0.0.111",
        "0.0.112",
        "0.0.113",
        "0.0.114",
        "0.0.115",
        "0.0.116",
        "0.0.117",
        "0.0.118",
        "0.0.119",
        "0.0.12",
        "0.0.120",
        "0.0.121",
        "0.0.122",
        "0.0.123",
        "0.0.124",
        "0.0.125",
        "0.0.126",
        "0.0.127",
        "0.0.128",
        "0.0.129",
        "0.0.13",
        "0.0.130",
        "0.0.131",
        "0.0.132",
        "0.0.133",
        "0.0.134",
        "0.0.135",
        "0.0.136",
        "0.0.137",
        "0.0.138",
        "0.0.139",
        "0.0.14",
        "0.0.140",
        "0.0.141",
        "0.0.142",
        "0.0.143",
        "0.0.144",
        "0.0.145",
        "0.0.146",
        "0.0.147",
        "0.0.148",
        "0.0.149",
        "0.0.15",
        "0.0.150",
        "0.0.151",
        "0.0.152",
        "0.0.153",
        "0.0.154",
        "0.0.155",
        "0.0.156",
        "0.0.157",
        "0.0.158",
        "0.0.159",
        "0.0.16",
        "0.0.160",
        "0.0.161",
        "0.0.162",
        "0.0.163",
        "0.0.164",
        "0.0.165",
        "0.0.166",
        "0.0.167",
        "0.0.168",
        "0.0.169",
        "0.0.17",
        "0.0.170",
        "0.0.171",
        "0.0.172",
        "0.0.173",
        "0.0.174",
        "0.0.175",
        "0.0.176",
        "0.0.177",
        "0.0.178",
        "0.0.179",
        "0.0.18",
        "0.0.180",
        "0.0.181",
        "0.0.182",
        "0.0.183",
        "0.0.184",
        "0.0.185",
        "0.0.186",
        "0.0.187",
        "0.0.188",
        "0.0.189",
        "0.0.19",
        "0.0.190",
        "0.0.191",
        "0.0.192",
        "0.0.193",
        "0.0.194",
        "0.0.195",
        "0.0.196",
        "0.0.197",
        "0.0.198",
        "0.0.199",
        "0.0.2",
        "0.0.20",
        "0.0.200",
        "0.0.201",
        "0.0.202",
        "0.0.203",
        "0.0.204",
        "0.0.205",
        "0.0.206",
        "0.0.207",
        "0.0.208",
        "0.0.209",
        "0.0.21",
        "0.0.210",
        "0.0.211",
        "0.0.212",
        "0.0.213",
        "0.0.214",
        "0.0.215",
        "0.0.216",
        "0.0.217",
        "0.0.218",
        "0.0.219",
        "0.0.22",
        "0.0.220",
        "0.0.221",
        "0.0.222",
        "0.0.223",
        "0.0.224",
        "0.0.225",
        "0.0.226",
        "0.0.227",
        "0.0.228",
        "0.0.229",
        "0.0.23",
        "0.0.230",
        "0.0.231",
        "0.0.232",
        "0.0.233",
        "0.0.234",
        "0.0.235",
        "0.0.236",
        "0.0.237",
        "0.0.238",
        "0.0.239",
        "0.0.24",
        "0.0.240",
        "0.0.240rc0",
        "0.0.240rc1",
        "0.0.240rc4",
        "0.0.242",
        "0.0.243",
        "0.0.244",
        "0.0.245",
        "0.0.246",
        "0.0.247",
        "0.0.248",
        "0.0.249",
        "0.0.25",
        "0.0.250",
        "0.0.251",
        "0.0.252",
        "0.0.253",
        "0.0.254",
        "0.0.255",
        "0.0.256",
        "0.0.257",
        "0.0.258",
        "0.0.259",
        "0.0.26",
        "0.0.260",
        "0.0.261",
        "0.0.262",
        "0.0.263",
        "0.0.264",
        "0.0.265",
        "0.0.266",
        "0.0.267",
        "0.0.268",
        "0.0.269",
        "0.0.27",
        "0.0.270",
        "0.0.271",
        "0.0.272",
        "0.0.273",
        "0.0.274",
        "0.0.275",
        "0.0.276",
        "0.0.277",
        "0.0.278",
        "0.0.279",
        "0.0.28",
        "0.0.281",
        "0.0.283",
        "0.0.284",
        "0.0.285",
        "0.0.286",
        "0.0.287",
        "0.0.288",
        "0.0.289",
        "0.0.29",
        "0.0.290",
        "0.0.291",
        "0.0.292",
        "0.0.293",
        "0.0.294",
        "0.0.295",
        "0.0.296",
        "0.0.297",
        "0.0.298",
        "0.0.299",
        "0.0.3",
        "0.0.30",
        "0.0.300",
        "0.0.301",
        "0.0.302",
        "0.0.303",
        "0.0.304",
        "0.0.305",
        "0.0.306",
        "0.0.307",
        "0.0.308",
        "0.0.309",
        "0.0.31",
        "0.0.310",
        "0.0.311",
        "0.0.312",
        "0.0.313",
        "0.0.314",
        "0.0.315",
        "0.0.316",
        "0.0.317",
        "0.0.318",
        "0.0.319",
        "0.0.32",
        "0.0.320",
        "0.0.321",
        "0.0.322",
        "0.0.323",
        "0.0.324",
        "0.0.325",
        "0.0.326",
        "0.0.327",
        "0.0.329",
        "0.0.33",
        "0.0.330",
        "0.0.331",
        "0.0.331rc0",
        "0.0.331rc1",
        "0.0.331rc2",
        "0.0.331rc3",
        "0.0.332",
        "0.0.333",
        "0.0.334",
        "0.0.335",
        "0.0.336",
        "0.0.337",
        "0.0.338",
        "0.0.339",
        "0.0.339rc0",
        "0.0.339rc1",
        "0.0.339rc2",
        "0.0.339rc3",
        "0.0.34",
        "0.0.340",
        "0.0.341",
        "0.0.342",
        "0.0.343",
        "0.0.344",
        "0.0.345",
        "0.0.346",
        "0.0.347",
        "0.0.348",
        "0.0.349",
        "0.0.349rc1",
        "0.0.349rc2",
        "0.0.35",
        "0.0.350",
        "0.0.351",
        "0.0.352",
        "0.0.353",
        "0.0.354",
        "0.0.36",
        "0.0.37",
        "0.0.38",
        "0.0.39",
        "0.0.4",
        "0.0.40",
        "0.0.41",
        "0.0.42",
        "0.0.43",
        "0.0.44",
        "0.0.45",
        "0.0.46",
        "0.0.47",
        "0.0.48",
        "0.0.49",
        "0.0.5",
        "0.0.50",
        "0.0.51",
        "0.0.52",
        "0.0.53",
        "0.0.54",
        "0.0.55",
        "0.0.56",
        "0.0.57",
        "0.0.58",
        "0.0.59",
        "0.0.6",
        "0.0.60",
        "0.0.61",
        "0.0.63",
        "0.0.64",
        "0.0.65",
        "0.0.66",
        "0.0.67",
        "0.0.68",
        "0.0.69",
        "0.0.7",
        "0.0.70",
        "0.0.71",
        "0.0.72",
        "0.0.73",
        "0.0.74",
        "0.0.75",
        "0.0.76",
        "0.0.77",
        "0.0.78",
        "0.0.79",
        "0.0.8",
        "0.0.80",
        "0.0.81",
        "0.0.82",
        "0.0.83",
        "0.0.84",
        "0.0.85",
        "0.0.86",
        "0.0.87",
        "0.0.88",
        "0.0.89",
        "0.0.9",
        "0.0.90",
        "0.0.91",
        "0.0.92",
        "0.0.93",
        "0.0.94",
        "0.0.95",
        "0.0.96",
        "0.0.97",
        "0.0.98",
        "0.0.99",
        "0.0.99rc0",
        "0.1.0",
        "0.1.1",
        "0.1.10",
        "0.1.2",
        "0.1.3",
        "0.1.4",
        "0.1.5",
        "0.1.6",
        "0.1.7",
        "0.1.8",
        "0.1.9"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-28088"
  ],
  "details": "LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.",
  "id": "PYSEC-2024-43",
  "modified": "2024-03-05T10:22:15.555734+00:00",
  "published": "2024-03-04T00:15:00+00:00",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.