Vulnerabilities > Langchain > Langchain > 0.0.91
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-20 | CVE-2023-32786 | Injection vulnerability in Langchain In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | 7.5 |
2023-10-19 | CVE-2023-46229 | Server-Side Request Forgery (SSRF) vulnerability in Langchain LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | 8.8 |
2023-08-15 | CVE-2023-38896 | Injection vulnerability in Langchain An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. | 9.8 |
2023-08-15 | CVE-2023-39659 | Injection vulnerability in Langchain An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | 9.8 |