langchain-community@0.0.1rc2 vulnerabilities

Community contributed LangChain integrations.

Direct Vulnerabilities

Known vulnerabilities in the langchain-community package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Uncontrolled Resource Consumption ('Resource Exhaustion')

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the SitemapLoader class. An attacker can occupy server socket/port resources and crash the Python process by inducing an infinite loop via recursive sitemap URL references.

How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')?

Upgrade langchain-community to version 0.2.5 or higher.

Vulnerable versions: [,0.2.5)
  • M
Server-Side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to the load_local function. An attacker can perform actions on behalf of the server or access unauthorized information by sending crafted requests to the vulnerable function.

How to fix Server-Side Request Forgery (SSRF)?

Upgrade langchain-community to version 0.0.27 or higher.

Vulnerable versions: [,0.0.27)