langchain@0.0.299 vulnerabilities
Building applications with LLMs through composability
- latest version: 0.2.0
- latest non vulnerable version
- first published: 2 years ago
- latest version published: 4 days ago
- licenses detected: [0,)
Direct Vulnerabilities
Known vulnerabilities in the langchain package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Path Traversal due to improper limitation of a pathname to a restricted directory in its Note: The issue lies in the handling of file paths in the How to fix Path Traversal? Upgrade | [,0.0.353) |
Affected versions of this package are vulnerable to Server-Side Request Forgery via prompt injection. An attacker can force the service to retrieve data from an arbitrary URL, essentially providing server-side request forgery and potentially injecting content into downstream tasks. How to fix Server-Side Request Forgery? Upgrade | [,0.0.329) |
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the How to fix Server-side Request Forgery (SSRF)? Upgrade | [,0.0.317) |
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') via the How to fix Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')? Upgrade | [,0.0.306) |
Affected versions of this package are vulnerable to Arbitrary Code Execution due to use of the How to fix Arbitrary Code Execution? Upgrade | [,0.0.307) |
Affected versions of this package are vulnerable to Arbitrary Code Execution via the How to fix Arbitrary Code Execution? Upgrade | [,0.0.312) |
Affected versions of this package are vulnerable to Arbitrary Code Execution via a crafted script to the How to fix Arbitrary Code Execution? Upgrade | [,0.0.325) |