Description

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.

INFO

Published Date :

2024-04-16T00:00:15.193Z

Last Modified :

2024-08-01T20:12:07.801Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3571 vulnerability.

Vendors Products
Langchain
  • Langchain
Langchain-ai
  • Langchain
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3571.

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact