CVE-2024-3095

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:28

Type Values Removed Values Added
References () https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273 - Exploit, Third Party Advisory () https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273 - Exploit, Third Party Advisory

17 Oct 2024, 19:44

Type Values Removed Values Added
References () https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273 - () https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273 - Exploit, Third Party Advisory
First Time Langchain langchain
Langchain
CPE cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 4.8
v2 : unknown
v3 : 7.7

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en el componente Web Research Retriever de langchain-ai/langchain versión 0.1.5. La vulnerabilidad surge porque Web Research Retriever no restringe las solicitudes a direcciones de Internet remotas, lo que le permite llegar a direcciones locales. Esta falla permite a los atacantes ejecutar escaneos de puertos, acceder a servicios locales y, en algunos escenarios, leer metadatos de instancias de entornos de nube. La vulnerabilidad es particularmente preocupante ya que puede explotarse para abusar del servidor Web Explorer como proxy para ataques web a terceros e interactuar con servidores en la red local, incluida la lectura de sus datos de respuesta. Esto podría conducir potencialmente a la ejecución de código arbitrario, dependiendo de la naturaleza de los servicios locales. La vulnerabilidad se limita a las solicitudes GET, ya que las solicitudes POST no son posibles, pero el impacto en la confidencialidad, la integridad y la disponibilidad es significativo debido al potencial de robo de credenciales e interacciones de cambio de estado con las API internas.

06 Jun 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-06 19:15

Updated : 2024-11-21 09:28


NVD link : CVE-2024-3095

Mitre link : CVE-2024-3095

CVE.ORG link : CVE-2024-3095


JSON object : View

Products Affected

langchain

  • langchain
CWE
CWE-918

Server-Side Request Forgery (SSRF)