Vulnerability Description
A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Langchain | Langchain | 0.0.26 |
Related Weaknesses (CWE)
References
- https://github.com/bayuncao/vul-cve-16Broken Link
- https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pklBroken Link
- https://github.com/langchain-ai/langchain/pull/18695Patch
- https://vuldb.com/?ctiid.255372Permissions Required
- https://vuldb.com/?id.255372Permissions Required
- https://github.com/bayuncao/vul-cve-16Broken Link
- https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pklBroken Link
- https://github.com/langchain-ai/langchain/pull/18695Patch
- https://vuldb.com/?ctiid.255372Permissions Required
- https://vuldb.com/?id.255372Permissions Required
FAQ
What is CVE-2024-2057?
CVE-2024-2057 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/...
How severe is CVE-2024-2057?
CVE-2024-2057 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-2057?
Check the references section above for vendor advisories and patch information. Affected products include: Langchain Langchain.