LangChain Server Side Request Forgery vulnerability
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
299 threats tracked across 7 launch stacks — sourced from NVD, GHSA, CISA KEV, OSV, npm Audit, and EPSS.
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. Patches: Released in v.0.0.308. numexpr dependency is optional for langchain.
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter. This is related to __subclasses__ or a template.
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function.
An issue in langchain langchain-ai before version 0.0.325 allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
An issue in Harrison Chase langchain before version 0.0.236 allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
An issue in LangChain prior to v.0.0.247 allows a remote attacker to execute arbitrary code via the prompt parameter.
An issue in Harrison Chase langchain allows an attacker to execute arbitrary code via the PALChain,from_math_prompt(llm).run in the python exec method.
SQL injection vulnerability in langchain allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
An issue in langchain allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
An issue in langchain allows an attacker to execute arbitrary code via the PALChain in the python exec method.
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.
he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.
Impact There are two separate security vulnerabilities here: (1) a security vulnerability that allows users to read arbitrary files on the machines that are running shared Gradio apps (2) the ability of users to use machines that are sharing Gradio apps to proxy arbitrary URLs Patches Both problems have been solved, please upgrade gradio to 3.34.0 or higher Workarounds Not possible to workaround except by taking down any shared Gradio apps References Relevant PRs: https://github.com/gradio-app/gradio/pull/4406 https://github.com/gradio-app/gradio/pull/4370
Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0.
Summary When using StaticFiles, if there's a file or directory that starts with the same name as the StaticFiles directory, that file or directory is also exposed via StaticFiles which is a path traversal vulnerability. Details The root cause of this issue is the usage of os.path.commonprefix(): https://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174 As stated in the Python documentation (https://docs.python.org/3/library/os.path.html#os.path.commonprefix) this function returns the longest prefix common to paths. When passing a path like /static/../static1.txt, os.path.commonprefix([full_path, directory]) returns ./static which is the common part of ./static1.txt and ./static, It refers to /static/../static1.txt because it is considered in the staticfiles directory. As a result, it becomes possible to view files that should not be open to the public. The solution is to use os.path.commonpath as the Python documentation explains that os.path.commonprefix works a character at a time, it does not treat the arguments as paths. PoC In order to reproduce the issue, you need to create the following structure: `` ├── static │ ├── index.html ├── static_disallow │ ├── index.html └── static1.txt ` And run the Starlette app with: `py import uvicorn from starlette.applications import Starlette from starlette.routing import Mount from starlette.staticfiles import StaticFiles routes = [ Mount("/static", app=StaticFiles(directory="static", html=True), name="static"), ] app = Starlette(routes=routes) if __name__ == "__main__": uvicorn.run(app, host="0.0.0.0", port=8000) ` And running the commands: `shell curl --path-as-is 'localhost:8000/static/../static_disallow/' curl --path-as-is 'localhost:8000/static/../static1.txt' ` The static1.txt and the directory static_disallow` are exposed. Impact Confidentiality is breached: An attacker may obtain files that should not be open to the public. Credits Security researcher Masashi Yamane of LAC Co., Ltd reported this vulnerability to JPCERT/CC Vulnerability Coordination Group and they contacted us to coordinate a patch for the security issue.
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec() method.
Impact This is a vulnerability which affects anyone using Gradio's share links (i.e. creating a Gradio app and then setting share=True) with Gradio versions older than 3.13.1. In these older versions of Gradio, a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. Patches The problem has been patched. Ideally, users should upgrade to gradio==3.19.1 or later where the FRP solution has been properly tested. Credit Credit to Greg Sadetsky and Samuel Tremblay-Cossette for alerting the team
Showing 201–220 of 299 threats