Lucene search

[email protected]NVD:CVE-2023-46229

HistoryOct 19, 2023 - 5:15 a.m.

CVE-2023-46229

2023-10-1905:15:58

CWE-918

[email protected]

web.nvd.nist.gov

langchain vulnerability

ssrf

document loaders

recursive url loader

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

41.3%

JSON

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

Affected configurations

Nvd

Node

langchainlangchainRange<0.0.317

VendorProductVersionCPE
langchainlangchain*cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
langchain	langchain	*	cpe:2.3:a:langchain:langchain::::::::

References

github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8

github.com/langchain-ai/langchain/pull/11925

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

41.3%

JSON

Related for NVD:CVE-2023-46229

osv3 nessus1 veracode1 github1 prion1 vulnrichment1 cvelist1 cve1 thn1