While working on SimpleMem project, I reviewed the dependency manifest and found that it uses a vulnerable version of langchain-openai. During analysis, I identified that the SSRF protection in the image token counting functionality can be bypassed due to a DNS rebinding (TOCTOU) issue.
CVE Report
CVE Link
While working on SimpleMem project, I reviewed the dependency manifest and found that it uses a vulnerable version of langchain-openai. During analysis, I identified that the SSRF protection in the image token counting functionality can be bypassed due to a DNS rebinding (TOCTOU) issue.
CVE Report
CVE Link