pysec-2024-43
Vulnerability from pysec
Published
2024-03-04 00:15
Modified
2024-03-05 10:22
Details
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.
Impacted products
| Name | purl | langchain | pkg:pypi/langchain |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "langchain",
"purl": "pkg:pypi/langchain"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.11"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0.1",
"0.0.10",
"0.0.100",
"0.0.101",
"0.0.101rc0",
"0.0.102",
"0.0.102rc0",
"0.0.103",
"0.0.104",
"0.0.105",
"0.0.106",
"0.0.107",
"0.0.108",
"0.0.109",
"0.0.11",
"0.0.110",
"0.0.111",
"0.0.112",
"0.0.113",
"0.0.114",
"0.0.115",
"0.0.116",
"0.0.117",
"0.0.118",
"0.0.119",
"0.0.12",
"0.0.120",
"0.0.121",
"0.0.122",
"0.0.123",
"0.0.124",
"0.0.125",
"0.0.126",
"0.0.127",
"0.0.128",
"0.0.129",
"0.0.13",
"0.0.130",
"0.0.131",
"0.0.132",
"0.0.133",
"0.0.134",
"0.0.135",
"0.0.136",
"0.0.137",
"0.0.138",
"0.0.139",
"0.0.14",
"0.0.140",
"0.0.141",
"0.0.142",
"0.0.143",
"0.0.144",
"0.0.145",
"0.0.146",
"0.0.147",
"0.0.148",
"0.0.149",
"0.0.15",
"0.0.150",
"0.0.151",
"0.0.152",
"0.0.153",
"0.0.154",
"0.0.155",
"0.0.156",
"0.0.157",
"0.0.158",
"0.0.159",
"0.0.16",
"0.0.160",
"0.0.161",
"0.0.162",
"0.0.163",
"0.0.164",
"0.0.165",
"0.0.166",
"0.0.167",
"0.0.168",
"0.0.169",
"0.0.17",
"0.0.170",
"0.0.171",
"0.0.172",
"0.0.173",
"0.0.174",
"0.0.175",
"0.0.176",
"0.0.177",
"0.0.178",
"0.0.179",
"0.0.18",
"0.0.180",
"0.0.181",
"0.0.182",
"0.0.183",
"0.0.184",
"0.0.185",
"0.0.186",
"0.0.187",
"0.0.188",
"0.0.189",
"0.0.19",
"0.0.190",
"0.0.191",
"0.0.192",
"0.0.193",
"0.0.194",
"0.0.195",
"0.0.196",
"0.0.197",
"0.0.198",
"0.0.199",
"0.0.2",
"0.0.20",
"0.0.200",
"0.0.201",
"0.0.202",
"0.0.203",
"0.0.204",
"0.0.205",
"0.0.206",
"0.0.207",
"0.0.208",
"0.0.209",
"0.0.21",
"0.0.210",
"0.0.211",
"0.0.212",
"0.0.213",
"0.0.214",
"0.0.215",
"0.0.216",
"0.0.217",
"0.0.218",
"0.0.219",
"0.0.22",
"0.0.220",
"0.0.221",
"0.0.222",
"0.0.223",
"0.0.224",
"0.0.225",
"0.0.226",
"0.0.227",
"0.0.228",
"0.0.229",
"0.0.23",
"0.0.230",
"0.0.231",
"0.0.232",
"0.0.233",
"0.0.234",
"0.0.235",
"0.0.236",
"0.0.237",
"0.0.238",
"0.0.239",
"0.0.24",
"0.0.240",
"0.0.240rc0",
"0.0.240rc1",
"0.0.240rc4",
"0.0.242",
"0.0.243",
"0.0.244",
"0.0.245",
"0.0.246",
"0.0.247",
"0.0.248",
"0.0.249",
"0.0.25",
"0.0.250",
"0.0.251",
"0.0.252",
"0.0.253",
"0.0.254",
"0.0.255",
"0.0.256",
"0.0.257",
"0.0.258",
"0.0.259",
"0.0.26",
"0.0.260",
"0.0.261",
"0.0.262",
"0.0.263",
"0.0.264",
"0.0.265",
"0.0.266",
"0.0.267",
"0.0.268",
"0.0.269",
"0.0.27",
"0.0.270",
"0.0.271",
"0.0.272",
"0.0.273",
"0.0.274",
"0.0.275",
"0.0.276",
"0.0.277",
"0.0.278",
"0.0.279",
"0.0.28",
"0.0.281",
"0.0.283",
"0.0.284",
"0.0.285",
"0.0.286",
"0.0.287",
"0.0.288",
"0.0.289",
"0.0.29",
"0.0.290",
"0.0.291",
"0.0.292",
"0.0.293",
"0.0.294",
"0.0.295",
"0.0.296",
"0.0.297",
"0.0.298",
"0.0.299",
"0.0.3",
"0.0.30",
"0.0.300",
"0.0.301",
"0.0.302",
"0.0.303",
"0.0.304",
"0.0.305",
"0.0.306",
"0.0.307",
"0.0.308",
"0.0.309",
"0.0.31",
"0.0.310",
"0.0.311",
"0.0.312",
"0.0.313",
"0.0.314",
"0.0.315",
"0.0.316",
"0.0.317",
"0.0.318",
"0.0.319",
"0.0.32",
"0.0.320",
"0.0.321",
"0.0.322",
"0.0.323",
"0.0.324",
"0.0.325",
"0.0.326",
"0.0.327",
"0.0.329",
"0.0.33",
"0.0.330",
"0.0.331",
"0.0.331rc0",
"0.0.331rc1",
"0.0.331rc2",
"0.0.331rc3",
"0.0.332",
"0.0.333",
"0.0.334",
"0.0.335",
"0.0.336",
"0.0.337",
"0.0.338",
"0.0.339",
"0.0.339rc0",
"0.0.339rc1",
"0.0.339rc2",
"0.0.339rc3",
"0.0.34",
"0.0.340",
"0.0.341",
"0.0.342",
"0.0.343",
"0.0.344",
"0.0.345",
"0.0.346",
"0.0.347",
"0.0.348",
"0.0.349",
"0.0.349rc1",
"0.0.349rc2",
"0.0.35",
"0.0.350",
"0.0.351",
"0.0.352",
"0.0.353",
"0.0.354",
"0.0.36",
"0.0.37",
"0.0.38",
"0.0.39",
"0.0.4",
"0.0.40",
"0.0.41",
"0.0.42",
"0.0.43",
"0.0.44",
"0.0.45",
"0.0.46",
"0.0.47",
"0.0.48",
"0.0.49",
"0.0.5",
"0.0.50",
"0.0.51",
"0.0.52",
"0.0.53",
"0.0.54",
"0.0.55",
"0.0.56",
"0.0.57",
"0.0.58",
"0.0.59",
"0.0.6",
"0.0.60",
"0.0.61",
"0.0.63",
"0.0.64",
"0.0.65",
"0.0.66",
"0.0.67",
"0.0.68",
"0.0.69",
"0.0.7",
"0.0.70",
"0.0.71",
"0.0.72",
"0.0.73",
"0.0.74",
"0.0.75",
"0.0.76",
"0.0.77",
"0.0.78",
"0.0.79",
"0.0.8",
"0.0.80",
"0.0.81",
"0.0.82",
"0.0.83",
"0.0.84",
"0.0.85",
"0.0.86",
"0.0.87",
"0.0.88",
"0.0.89",
"0.0.9",
"0.0.90",
"0.0.91",
"0.0.92",
"0.0.93",
"0.0.94",
"0.0.95",
"0.0.96",
"0.0.97",
"0.0.98",
"0.0.99",
"0.0.99rc0",
"0.1.0",
"0.1.1",
"0.1.10",
"0.1.2",
"0.1.3",
"0.1.4",
"0.1.5",
"0.1.6",
"0.1.7",
"0.1.8",
"0.1.9"
]
}
],
"aliases": [
"CVE-2024-28088"
],
"details": "LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.",
"id": "PYSEC-2024-43",
"modified": "2024-03-05T10:22:15.555734+00:00",
"published": "2024-03-04T00:15:00+00:00",
"references": [
{
"type": "WEB",
"url": "https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md"
},
{
"type": "WEB",
"url": "https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…