Threat Intelligence

Live CVE feed

299 threats tracked across 7 launch stacks — sourced from NVD, GHSA, CISA KEV, OSV, npm Audit, and EPSS.

299threats · All threats· page 11/15
Get guardrails →

LangChain Server Side Request Forgery vulnerability

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

OWASP A10LLM02 · Insecure OutputOWASP LLM
Get guardrail →

Gradio arbitrary file upload vulnerability

Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.

OWASP A04OWASP LLM
Get guardrail →
2 rules

Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. Patches: Released in v.0.0.308. numexpr dependency is optional for langchain.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

langchain vulnerable to arbitrary code execution

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter. This is related to __subclasses__ or a template.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

llama-index vulnerable to arbitrary code execution

An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

LangChain vulnerable to arbitrary code execution

An issue in langchain langchain-ai before version 0.0.325 allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.

OWASP A03OWASP LLM
Get guardrail →
2 rules

LangChain vulnerable to arbitrary code execution

An issue in Harrison Chase langchain before version 0.0.236 allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

LangChain vulnerable to arbitrary code execution

An issue in LangChain prior to v.0.0.247 allows a remote attacker to execute arbitrary code via the prompt parameter.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

langchain Code Injection vulnerability

An issue in Harrison Chase langchain allows an attacker to execute arbitrary code via the PALChain,from_math_prompt(llm).run in the python exec method.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →

langchain SQL Injection vulnerability

SQL injection vulnerability in langchain allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.

OWASP A03OWASP LLM
Get guardrail →
2 rules

langchain vulnerable to arbitrary code execution

An issue in langchain allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.

OWASP A03OWASP LLM
Get guardrail →
2 rules

langchain arbitrary code execution vulnerability

An issue in langchain allows an attacker to execute arbitrary code via the PALChain in the python exec method.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

Langchain OS Command Injection vulnerability

Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

nuxt Code Injection vulnerability

he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.

OWASP A03OWASP Web
Get guardrail →

Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs

Impact There are two separate security vulnerabilities here: (1) a security vulnerability that allows users to read arbitrary files on the machines that are running shared Gradio apps (2) the ability of users to use machines that are sharing Gradio apps to proxy arbitrary URLs Patches Both problems have been solved, please upgrade gradio to 3.34.0 or higher Workarounds Not possible to workaround except by taking down any shared Gradio apps References Relevant PRs: https://github.com/gradio-app/gradio/pull/4406 https://github.com/gradio-app/gradio/pull/4370

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

transformers has Insecure Temporary File

Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0.

Starlette has Path Traversal vulnerability in StaticFiles

Summary When using StaticFiles, if there's a file or directory that starts with the same name as the StaticFiles directory, that file or directory is also exposed via StaticFiles which is a path traversal vulnerability. Details The root cause of this issue is the usage of os.path.commonprefix(): https://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174 As stated in the Python documentation (https://docs.python.org/3/library/os.path.html#os.path.commonprefix) this function returns the longest prefix common to paths. When passing a path like /static/../static1.txt, os.path.commonprefix([full_path, directory]) returns ./static which is the common part of ./static1.txt and ./static, It refers to /static/../static1.txt because it is considered in the staticfiles directory. As a result, it becomes possible to view files that should not be open to the public. The solution is to use os.path.commonpath as the Python documentation explains that os.path.commonprefix works a character at a time, it does not treat the arguments as paths. PoC In order to reproduce the issue, you need to create the following structure: `` ├── static │ ├── index.html ├── static_disallow │ ├── index.html └── static1.txt ` And run the Starlette app with: `py import uvicorn from starlette.applications import Starlette from starlette.routing import Mount from starlette.staticfiles import StaticFiles routes = [ Mount("/static", app=StaticFiles(directory="static", html=True), name="static"), ] app = Starlette(routes=routes) if __name__ == "__main__": uvicorn.run(app, host="0.0.0.0", port=8000) ` And running the commands: `shell curl --path-as-is 'localhost:8000/static/../static_disallow/' curl --path-as-is 'localhost:8000/static/../static1.txt' ` The static1.txt and the directory static_disallow` are exposed. Impact Confidentiality is breached: An attacker may obtain files that should not be open to the public. Credits Security researcher Masashi Yamane of LAC Co., Ltd reported this vulnerability to JPCERT/CC Vulnerability Coordination Group and they contacted us to coordinate a patch for the security issue.

OWASP A01OWASP Web
Get guardrail →
2 rules

LangChain vulnerable to code injection

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec() method.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →

Update share links to use FRP instead of SSH tunneling

Impact This is a vulnerability which affects anyone using Gradio's share links (i.e. creating a Gradio app and then setting share=True) with Gradio versions older than 3.13.1. In these older versions of Gradio, a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. Patches The problem has been patched. Ideally, users should upgrade to gradio==3.19.1 or later where the FRP solution has been properly tested. Credit Credit to Greg Sadetsky and Samuel Tremblay-Cossette for alerting the team

OWASP A05OWASP LLM
Get guardrail →

Showing 201220 of 299 threats