Description

A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.

INFO

Published Date :

2024-06-06T18:52:54.353Z

Last Modified :

2025-10-15T12:50:22.559Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-2965 vulnerability.

Vendors Products
Langchain
  • Langchain
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-2965.

URL Resource
https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb70d2c2d87a82 cve-icon cve-icon
https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-2965 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-2965 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact