Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency langchain to v0.1.11 [SECURITY] #297

Merged
merged 2 commits into from
Apr 21, 2024
Merged

Update dependency langchain to v0.1.11 [SECURITY] #297

merged 2 commits into from
Apr 21, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 21, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
langchain ==0.0.285 -> ==0.1.11 age adoption passing confidence

Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library

CVE-2023-39631 / GHSA-f73w-4m7g-ch9x / PYSEC-2023-162 / PYSEC-2023-163

More information

Details

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.

Patches: Released in v.0.0.308. numexpr dependency is optional for langchain.

Severity

  • CVSS Score: 9.8 / 10 (Critical)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

CVE-2023-39631 / GHSA-f73w-4m7g-ch9x / PYSEC-2023-162 / PYSEC-2023-163

More information

Details

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.

Severity

  • CVSS Score: 9.8 / 10 (Critical)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).

langchain vulnerable to arbitrary code execution

CVE-2023-36281 / GHSA-7gfq-f96f-g85j / PYSEC-2023-151

More information

Details

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter. This is related to __subclasses__ or a template.

Severity

  • CVSS Score: 9.8 / 10 (Critical)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

CVE-2023-46229 / GHSA-655w-fm8m-m478 / PYSEC-2023-205

More information

Details

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

Severity

Unknown

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).

LangChain Server Side Request Forgery vulnerability

CVE-2023-46229 / GHSA-655w-fm8m-m478 / PYSEC-2023-205

More information

Details

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

Severity

  • CVSS Score: 8.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

LangChain vulnerable to arbitrary code execution

CVE-2023-39659 / GHSA-prgp-w7vf-ch62 / PYSEC-2023-147

More information

Details

An issue in langchain langchain-ai before version 0.0.325 allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.

Severity

  • CVSS Score: 9.8 / 10 (Critical)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Langchain Server-Side Request Forgery vulnerability

CVE-2023-32786 / GHSA-6h8p-4hx9-w66c

More information

Details

In Langchain before 0.0.329, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

LangChain directory traversal vulnerability

CVE-2024-28088 / GHSA-h59x-p739-982c / PYSEC-2024-43 / PYSEC-2024-45

More information

Details

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.

Severity

Low

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

langchain vulnerable to path traversal

CVE-2024-3571 / GHSA-rgp8-pm28-3759

More information

Details

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

langchain Server-Side Request Forgery vulnerability

CVE-2024-0243 / GHSA-h9j7-5xvc-qhg5

More information

Details

With the following crawler configuration:

from bs4 import BeautifulSoup as Soup

url = "https://example.com"
loader = RecursiveUrlLoader(
    url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text 
)
docs = loader.load()

An attacker in control of the contents of https://example.com could place a malicious HTML file in there with links like "https://example.completely.different/my_file.html" and the crawler would proceed to download that file as well even though prevent_outside=True.

https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51

Resolved in https://github.com/langchain-ai/langchain/pull/15559

Severity

  • CVSS Score: 3.7 / 10 (Low)
  • Vector String: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

CVE-2024-28088 / GHSA-h59x-p739-982c / PYSEC-2024-43 / PYSEC-2024-45

More information

Details

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.

Severity

Unknown

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).

Release Notes

langchain-ai/langchain (langchain)

v0.1.11

Compare Source

What's Changed

New Contributors

Full Changelog: langchain-ai/langchain@v0.1.10...v0.1.11

v0.1.10

Compare Source

What's Changed

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Apr 21, 2024
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch 7 times, most recently from f179576 to af42deb Compare April 21, 2024 13:19
@renovate renovate bot force-pushed the renovate/pypi-langchain-vulnerability branch from af42deb to e4386dc Compare April 21, 2024 13:57
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Apr 21, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@mirpo mirpo merged commit ddab78e into master Apr 21, 2024
4 checks passed
@mirpo mirpo deleted the renovate/pypi-langchain-vulnerability branch April 21, 2024 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mirpo mirpo mirpo approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@mirpo