Langchain Server-Side Request Forgery vulnerability

GHSA-6h8p-4hx9-w66c · CVE-2023-32786

Published Oct 21, 2023 · Modified Feb 16, 2024

Description

In Langchain before 0.0.329, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-32786
WEB https://github.com/langchain-ai/langchain/pull/12747
WEB https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
PACKAGE https://github.com/langchain-ai/langchain
WEB https://github.com/langchain-ai/langchain/releases/tag/v0.0.329

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes