
community[patch]: Patch tdidf retriever (CVE-2024-2057) #18695

Merged · 2 commits · Mar 6, 2024

Conversation

eyurtsev (Collaborator) commented Mar 6, 2024

This is a patch for CVE-2024-2057: https://www.cve.org/CVERecord?id=CVE-2024-2057

This affects users that:

  • Use the TFIDFRetriever
  • Attempt to de-serialize it from an untrusted source that contains a malicious payload


dosubot added labels size:M, Ɑ: retriever and 🤖:improvement on Mar 6, 2024
eyurtsev changed the title from "Patch tdidf retriever" to "community[patch]: Patch tdidf retriever (CVE-2024-2057)" on Mar 6, 2024
dosubot added the lgtm label on Mar 6, 2024
eyurtsev merged commit 0e52961 into master on Mar 6, 2024 (59 checks passed)
eyurtsev deleted the eugene/tfidf branch on March 6, 2024 at 20:49
bechbd pushed a commit to bechbd/langchain that referenced this pull request Mar 29, 2024
…#18695)

This is a patch for `CVE-2024-2057`:
https://www.cve.org/CVERecord?id=CVE-2024-2057

This affects users that:

* Use the `TFIDFRetriever`
* Attempt to de-serialize it from an untrusted source that contains a malicious payload
gkorland pushed a commit to FalkorDB/langchain that referenced this pull request Mar 30, 2024