langchain-core@1.2.2 vulnerabilities

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the dumps and dumpd functions when user-controlled data containing the lc key is serialized and later deserialized. This key is intended to be reserved for internal objects. An attacker can extract environment variable secrets or instantiate classes with attacker-controlled parameters by injecting specially crafted structures into user-controlled fields, which are then treated as legitimate objects during deserialization.

Common usages that enable this vulnerability are LLM response fields like additional_kwargs or response_metadata, which may be an injection vector.

Note: This is only exploitable if deserialization occurs with secrets_from_env=True, which is the default setting, or if attacker-controlled data is passed to the serialization and deserialization process.

Upgrade langchain-core to version 0.3.81, 1.2.5 or higher.