langchain@0.2.8 vulnerabilities
Building applications with LLMs through composability
-
latest version
0.3.7
-
latest non vulnerable version
-
first published
2 years ago
-
latest version published
20 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the langchain package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
langchain is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the Note: Exploiting this vulnerability requires that the user actively accept untrusted input from another source. How to fix Deserialization of Untrusted Data? Upgrade |
[,0.2.10)
|
langchain is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) through the Note: This SSRF vulnerability makes it possible to scan ports, abuse the Web Explorer server as a proxy for attacks on third parties and interact with servers in the local network including reading their response data, which may allow to extract instance metadata if in a cloud environment. The attack consequences of interacting with local services depends heavily on the nature of these services. Regularly admin-privileged services are exposed locally on servers, so the consequences can go all the way up to arbitrary code execution. Sending POST requests is not possible, only GET, but integrity may still be affected as a result of stolen credentials or because especially on internal APIs also GET requests can be state-changing. For all these reasons, the Confidentiality, Integrity, Availability metrics are set to H, L, L, the result is not an uncommon score for SSRF vulnerabilities. How to fix Server-Side Request Forgery (SSRF)? Upgrade |
[,0.2.10)
|