—

PYSEC-2024-43

Details

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / langchain

Introduced in: 0 Fixed in: 0.1.11

Fix pip install --upgrade 'langchain>=0.1.11'

References

https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md [WEB]
https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py [WEB]