langchain@0.0.240rc4 vulnerabilities

Building applications with LLMs through composability

Direct Vulnerabilities

Known vulnerabilities in the langchain package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Deserialization of Untrusted Data

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the FAISS.deserialize_from_bytes function. An attacker can execute arbitrary commands by exploiting the os.system function.

Note:

Exploiting this vulnerability requires that the user actively accept untrusted input from another source.

How to fix Deserialization of Untrusted Data?

Upgrade langchain to version 0.2.10 or higher.

[,0.2.10)
  • M
Server-Side Request Forgery (SSRF)

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) through the Web Research Retriever component. An attacker can execute port scans, access local services, and potentially read instance metadata from cloud environments by sending crafted requests to the server.

Note: This SSRF vulnerability makes it possible to scan ports, abuse the Web Explorer server as a proxy for attacks on third parties and interact with servers in the local network including reading their response data, which may allow to extract instance metadata if in a cloud environment. The attack consequences of interacting with local services depends heavily on the nature of these services. Regularly admin-privileged services are exposed locally on servers, so the consequences can go all the way up to arbitrary code execution. Sending POST requests is not possible, only GET, but integrity may still be affected as a result of stolen credentials or because especially on internal APIs also GET requests can be state-changing. For all these reasons, the Confidentiality, Integrity, Availability metrics are set to H, L, L, the result is not an uncommon score for SSRF vulnerabilities.

How to fix Server-Side Request Forgery (SSRF)?

Upgrade langchain to version 0.2.10 or higher.

[,0.2.10)
  • M
Path Traversal

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Path Traversal due to improper limitation of a pathname to a restricted directory in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution.

Note: The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.

How to fix Path Traversal?

Upgrade langchain to version 0.0.353 or higher.

[,0.0.353)
  • M
Server-Side Request Forgery

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Server-Side Request Forgery via prompt injection. An attacker can force the service to retrieve data from an arbitrary URL, essentially providing server-side request forgery and potentially injecting content into downstream tasks.

How to fix Server-Side Request Forgery?

Upgrade langchain to version 0.0.329 or higher.

[,0.0.329)
  • H
SQL Injection

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to SQL Injection through the service provided by the chain. An attacker can execute arbitrary SQL by injecting it into a db_chain() prompt.

How to fix SQL Injection?

Upgrade langchain to version 0.0.276 or higher.

[,0.0.276)
  • M
Server-side Request Forgery (SSRF)

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the document_loaders/recursive_url_loader.py function. An attacker can manipulate the server into making HTTP requests to an arbitrary domain by exploiting the server's ability to crawl from an external server to an internal server.

How to fix Server-side Request Forgery (SSRF)?

Upgrade langchain to version 0.0.317 or higher.

[,0.0.317)
  • C
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') via the PALChain in the python exec method. An attacker can bypass the fix for CVE-2023-36258 and execute arbitrary code by exploiting this vulnerability.

How to fix Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')?

Upgrade langchain to version 0.0.306 or higher.

[,0.0.306)
  • C
Arbitrary Code Execution

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Arbitrary Code Execution due to use of the evaluate() function in the numexpr library. An attacker can send arbitrary commands to the underlying eval() function by incorporating them in a malicious prompt.

How to fix Arbitrary Code Execution?

Upgrade langchain to version 0.0.307 or higher.

[,0.0.307)
  • C
Arbitrary Code Execution

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Arbitrary Code Execution via the load_prompt parameter, by supplying a malicious json file.

How to fix Arbitrary Code Execution?

Upgrade langchain to version 0.0.312 or higher.

[,0.0.312)
  • H
Arbitrary Code Execution

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Arbitrary Code Execution via a crafted script to the PythonAstREPLTool._run component.

Note:

The vulnerability was mitigated by moving the vulnerable code in the LangChain Experimental package. Users might still be affected if they are relying on this package.

How to fix Arbitrary Code Execution?

Upgrade langchain to version 0.0.325 or higher.

[,0.0.325)
  • M
Arbitrary Command Injection

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper input sanitization, which allows the attacker to inject code via the prompt parameter.

How to fix Arbitrary Command Injection?

Upgrade langchain to version 0.0.247 or higher.

[,0.0.247)
  • H
SQL Injection

langchain is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to SQL Injection due to improper user-input sanitization, allowing a remote attacker to obtain sensitive information via the SQLDatabaseChain component.

How to fix SQL Injection?

Upgrade langchain to version 0.0.247 or higher.

[,0.0.247)