CVE-2024-8309 | langchain-ai langchain up to 0.2.x GraphCypherQAChain sql injection

Inserito da Angelo Barbosa | Ott 29, 2024 | CVE

A vulnerability was found in langchain-ai langchain up to 0.2.x. It has been classified as critical. Affected is the function GraphCypherQAChain. The manipulation leads to sql injection.

This vulnerability is traded as CVE-2024-8309. The attack needs to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-8309 | langchain-ai langchain up to 0.2.x GraphCypherQAChain sql injection

Post correlati

CVE-2024-11263 | zephyrproject-rtos Zephyr up to 3.7 Global Pointer privilege context switching error (GHSA-jjf3-7×72-pqm9)

CVE-2024-25106 | OpenObserve up to 0.7.x {email_id} access control (GHSA-3m5f-9m66-xgp7)

CVE-2024-3500 | ElementsKit Pro Plugin up to 3.6.0 on WordPress Advanced Toggle Widget file inclusion

CVE-2024-29477 | Dolibarr ERP CRM up to 19.0.0 Privilege Escalation