CVE-2024-28088

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28088
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py
https://github.com/langchain-ai/langchain/pull/18600
Configurations

No configuration.

History

26 Aug 2024, 20:35

Type Values Removed Values Added
CWE CWE-31
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1

13 Mar 2024, 21:16

Type Values Removed Values Added
Summary
  • (es) LangChain hasta 0.1.10 permite el Directory Traversal ../ por parte de un actor que puede controlar la parte final del parámetro de ruta en una llamada load_chain. Esto omite el comportamiento previsto de cargar configuraciones solo desde el repositorio GitHub hwchase17/langchain-hub. El resultado puede ser la divulgación de una clave API para un servicio en línea de modelo de lenguaje grande o la ejecución remota de código.
Summary (en) LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (en) LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
References
  • () https://github.com/langchain-ai/langchain/pull/18600 -

04 Mar 2024, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-04 00:15

Updated : 2024-08-26 20:35

NVD link : CVE-2024-28088

Mitre link : CVE-2024-28088

CVE.ORG link : CVE-2024-28088

JSON object : View

Products Affected

No product.

CWE
CWE-31

Path Traversal: 'dir\..\..\filename'


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024