langchain-core 0.0.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the langchain-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Template Injection langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Template Injection in the prompt template system. An attacker can access internal Python object attributes by submitting specially crafted template strings to `ChatPromptTemplate` and related prompt template classes. Note: The vulnerability specifically requires that applications accept template strings (the structure) from untrusted sources, not just template variables (the data). Most applications either do not use templates or else use hardcoded templates and are not vulnerable. How to fix Template Injection? Upgrade `langchain-core` to version 0.3.80, 1.0.7 or higher.	[,0.3.80)[0.4.0.dev0,1.0.7)
H Exposure of Sensitive System Information to an Unauthorized Control Sphere langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the `ImagePromptTemplate` in `image.py`, which can be instantiated with input variables that can contains paths exposing files from the underlying filesystem. The output of the prompt template may be exposed to the model and subsequently the unauthorized user. How to fix Exposure of Sensitive System Information to an Unauthorized Control Sphere? Upgrade `langchain-core` to version 0.1.53, 0.2.43, 0.3.15 or higher.	[,0.1.53)[0.2.0rc1,0.2.43)[0.3.0.dev0,0.3.15)
M XML External Entity (XXE) Injection langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to the `XMLOutputParser` using the `etree` module from the XML parser in the standard python library, which is known to have vulnerabilities. This issue primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. A malicious party could attempt to manipulate the LLM to produce a malicious payload for the parser, compromising the availability of the service. Note: This is only exploitable if `XMLOutputParser` is used Malicious input is passed into the `XMLOutputParser` either directly or by trying to manipulate an LLM to do so on the user's behalf The component is exposed via a web-service. How to fix XML External Entity (XXE) Injection? Upgrade `langchain-core` to version 0.1.34 or higher.	[,0.1.34)
C Path Traversal langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Path Traversal due to improper validation of user-supplied input in the `load_chain` call. An attacker can achieve remote code execution or disclose sensitive information by manipulating the path parameter to traverse directories and load configurations or execute code not intended by the application. Notes: This is only exploitable if the attacker can control the final part of the path parameter. `llm_bash_chain` is an experimental feature. How to fix Path Traversal? Upgrade `langchain-core` to version 0.1.31 or higher.	[,0.1.31)
L Server-Side Request Forgery (SSRF) langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) in `document_loaders/recursive_url_loader.py`. An attacker in control of the contents of a specified URL could place a malicious HTML file there with links to completely different domains, and the crawler would proceed to issue GET requests from it, even though it is configured to prevent requests from outside sources. This is a bypass for the previously reported CVE-2023-46229. How to fix Server-Side Request Forgery (SSRF)? Upgrade `langchain-core` to version 0.1.7 or higher.	[,0.1.7)

Vulnerability

Vulnerable Version

Template Injection

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Template Injection in the prompt template system. An attacker can access internal Python object attributes by submitting specially crafted template strings to ChatPromptTemplate and related prompt template classes.

Note: The vulnerability specifically requires that applications accept template strings (the structure) from untrusted sources, not just template variables (the data).

Most applications either do not use templates or else use hardcoded templates and are not vulnerable.

How to fix Template Injection?

Upgrade langchain-core to version 0.3.80, 1.0.7 or higher.

[,0.3.80)[0.4.0.dev0,1.0.7)

Exposure of Sensitive System Information to an Unauthorized Control Sphere

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the ImagePromptTemplate in image.py, which can be instantiated with input variables that can contains paths exposing files from the underlying filesystem. The output of the prompt template may be exposed to the model and subsequently the unauthorized user.

How to fix Exposure of Sensitive System Information to an Unauthorized Control Sphere?

Upgrade langchain-core to version 0.1.53, 0.2.43, 0.3.15 or higher.

[,0.1.53)[0.2.0rc1,0.2.43)[0.3.0.dev0,0.3.15)

XML External Entity (XXE) Injection

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to the XMLOutputParser using the etree module from the XML parser in the standard python library, which is known to have vulnerabilities. This issue primarily affects users that combine an LLM (or agent) with the XMLOutputParser and expose the component via an endpoint on a web-service. A malicious party could attempt to manipulate the LLM to produce a malicious payload for the parser, compromising the availability of the service.

Note:

This is only exploitable if

XMLOutputParser is used
Malicious input is passed into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the user's behalf
The component is exposed via a web-service.

How to fix XML External Entity (XXE) Injection?

Upgrade langchain-core to version 0.1.34 or higher.

[,0.1.34)

Path Traversal

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Path Traversal due to improper validation of user-supplied input in the load_chain call. An attacker can achieve remote code execution or disclose sensitive information by manipulating the path parameter to traverse directories and load configurations or execute code not intended by the application.

Notes:

This is only exploitable if the attacker can control the final part of the path parameter.
llm_bash_chain is an experimental feature.

How to fix Path Traversal?

Upgrade langchain-core to version 0.1.31 or higher.

[,0.1.31)

Server-Side Request Forgery (SSRF)

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) in document_loaders/recursive_url_loader.py. An attacker in control of the contents of a specified URL could place a malicious HTML file there with links to completely different domains, and the crawler would proceed to issue GET requests from it, even though it is configured to prevent requests from outside sources. This is a bypass for the previously reported CVE-2023-46229.

How to fix Server-Side Request Forgery (SSRF)?

Upgrade langchain-core to version 0.1.7 or higher.

[,0.1.7)

langchain-core@0.0.1 vulnerabilities

Building applications with LLMs through composability

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically