In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
References
Link | Resource |
---|---|
https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1 | Third Party Advisory |
Configurations
History
27 Oct 2023, 21:44
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1 - Third Party Advisory | |
CPE | cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:* | |
CWE | CWE-74 | |
First Time |
Langchain langchain
Langchain |
20 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-20 22:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-32786
Mitre link : CVE-2023-32786
CVE.ORG link : CVE-2023-32786
JSON object : View
Products Affected
langchain
- langchain
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')