langchain-chatchat 0.3.0.20240618

Direct Vulnerabilities

Known vulnerabilities in the langchain-chatchat package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Arbitrary Code Injection langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain Affected versions of this package are vulnerable to Arbitrary Code Injection via the MCP STDIO server configuration and execution handling. An attacker can execute arbitrary commands by accessing the publicly exposed MCP management interface and configuring the server with attacker-controlled commands and arguments. How to fix Arbitrary Code Injection? There is no fixed version for `langchain-chatchat`.	[0,)
M Directory Traversal langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain Affected versions of this package are vulnerable to Directory Traversal via the `purpose` parameter in the `/v1/files` endpoint. An attacker can access sensitive files outside the intended directory by submitting crafted requests. How to fix Directory Traversal? There is no fixed version for `langchain-chatchat`.	[0,)
M Directory Traversal langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain Affected versions of this package are vulnerable to Directory Traversal via the `flag` argument in `/v1/file`. An attacker can access or modify files outside the intended directory by supplying crafted input. How to fix Directory Traversal? There is no fixed version for `langchain-chatchat`.	[0,)
M Directory Traversal langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain Affected versions of this package are vulnerable to Directory Traversal via the `parse_file` function in the `/knowledge_base/upload_temp_docs` endpoint due to lack of proper validation of user suplied input to the `file_path` parameter. An attacker can access or modify files outside the intended directory by supplying crafted input. How to fix Directory Traversal? There is no fixed version for `langchain-chatchat`.	[0,)

Vulnerability

Vulnerable Version

Arbitrary Code Injection

langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain

Affected versions of this package are vulnerable to Arbitrary Code Injection via the MCP STDIO server configuration and execution handling. An attacker can execute arbitrary commands by accessing the publicly exposed MCP management interface and configuring the server with attacker-controlled commands and arguments.

How to fix Arbitrary Code Injection?

There is no fixed version for langchain-chatchat.

[0,)

Directory Traversal

langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain

Affected versions of this package are vulnerable to Directory Traversal via the purpose parameter in the /v1/files endpoint. An attacker can access sensitive files outside the intended directory by submitting crafted requests.

How to fix Directory Traversal?

There is no fixed version for langchain-chatchat.

[0,)

Directory Traversal

langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain

Affected versions of this package are vulnerable to Directory Traversal via the flag argument in /v1/file. An attacker can access or modify files outside the intended directory by supplying crafted input.

How to fix Directory Traversal?

There is no fixed version for langchain-chatchat.

[0,)

Directory Traversal

langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain

Affected versions of this package are vulnerable to Directory Traversal via the parse_file function in the /knowledge_base/upload_temp_docs endpoint due to lack of proper validation of user suplied input to the file_path parameter. An attacker can access or modify files outside the intended directory by supplying crafted input.

How to fix Directory Traversal?

There is no fixed version for langchain-chatchat.

[0,)

langchain-chatchat@0.3.0.20240618

Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically