Vulnerability	Vulnerable Version
L SQL Injection langchain is a Typescript bindings for langchain Affected versions of this package are vulnerable to SQL Injection via the default configuration of the `GraphCypherQAChain` class, by manipulating entities in the graph database through prompt injection. How to fix SQL Injection? Upgrade `langchain` to version 0.3.3 or higher.	<0.3.3
M Arbitrary File Write via Archive Extraction (Zip Slip) langchain is a Typescript bindings for langchain Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in the `getFullPath` method, which allows an attacker to save files anywhere in the filesystem through the `setFileContent` function, overwrite and read existing text files through the `getParsedFile` function, and delete files through the `mdelete` function. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade `langchain` to version 0.2.19 or higher.	<0.2.19

SQL Injection

langchain is a Typescript bindings for langchain

Affected versions of this package are vulnerable to SQL Injection via the default configuration of the GraphCypherQAChain class, by manipulating entities in the graph database through prompt injection.

How to fix SQL Injection?

Upgrade langchain to version 0.3.3 or higher.

<0.3.3

Arbitrary File Write via Archive Extraction (Zip Slip)

langchain is a Typescript bindings for langchain

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in the getFullPath method, which allows an attacker to save files anywhere in the filesystem through the setFileContent function, overwrite and read existing text files through the getParsedFile function, and delete files through the mdelete function.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade langchain to version 0.2.19 or higher.

<0.2.19

Go back to all versions of this package