CVE-2023-32786

描述

In Langchain before 0.0.329, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

受影響套件(1)

• PyPI/langchainfrom 0, < 0.0.329

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-32786
• PATCHhttps://github.com/langchain-ai/langchain
• WEBhttps://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
• WEBhttps://github.com/langchain-ai/langchain/pull/12747
• WEBhttps://github.com/langchain-ai/langchain/releases/tag/v0.0.329