CVE-2024-28088

moderate-risk
Published 2024-03-04

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)

Do I need to act?

!
13.4% chance of exploitation in next 30 days
EPSS score — higher than 87% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Langchain

References (6)

Exploit https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
Product https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1d...
Exploit https://github.com/langchain-ai/langchain/pull/18600
Exploit https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
Product https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1d...
Exploit https://github.com/langchain-ai/langchain/pull/18600
45
/ 100
moderate-risk
Severity 28/34 · Critical
Exploitability 12/34 · Low
Exposure 5/34 · Minimal