Veracode Vulnerability Database: VERACODE:43911
Published: Oct 20, 2023 - 6:05 a.m.

Server Side Request Forgery

Source: Veracode Vulnerability Database (sca.analysiscenter.veracode.com), 2023-10-20 06:05:17
Tags: server-side request forgery, filtering urls, recursive_url_loader.py, http requests, external server

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.001
Percentile: 41.3%

langchain is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists because the __init__ function in recursive_url_loader.py does not properly filter URLs, allowing an attacker to trick the server into sending HTTP requests to any domain by taking advantage of the server's capacity to crawl from an external server to an internal server.
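As an added example (not langchain's code and not the project's actual fix), the kind of URL filter a recursive crawler can apply before following a link: only http(s), only the seed's own host, and only hosts whose every resolved address is public. The resolver table FAKE_DNS is constructed so the block runs offline; a deployment would resolve with socket.getaddrinfo and re-run the check on every redirect hop.

```python
"""URL filter for a recursive crawler: refuse links that would reach internal hosts."""
import ipaddress
from urllib.parse import urlparse

# Constructed DNS answers so the example runs offline (hypothetical names).
# "evil.example" shows a host with one public and one loopback answer.
FAKE_DNS = {
    "docs.example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "evil.example": ["93.184.216.34", "127.0.0.1"],
}


def resolve(host, dns=FAKE_DNS):
    """Return all addresses for host; a literal IP resolves to itself."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return dns.get(host, [])


def is_public_ip(ip_str):
    """True only for globally routable addresses (no RFC1918, loopback,
    link-local such as 169.254.169.254, multicast, reserved or 0.0.0.0)."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def is_safe_crawl_url(url, seed_url, dns=FAKE_DNS):
    """Decide whether the crawler may fetch url while crawling seed_url.

    Rejects non-http(s) schemes, any host other than the seed's host, hosts
    that do not resolve, and hosts with at least one non-public address
    (so a mixed answer set cannot smuggle a request to localhost).
    """
    seed = urlparse(seed_url)
    target = urlparse(url)
    if target.scheme not in ("http", "https"):
        return False
    if not target.hostname or target.hostname != seed.hostname:
        return False
    addrs = resolve(target.hostname, dns)
    return bool(addrs) and all(is_public_ip(a) for a in addrs)
```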
