CVE-2024-7774 | langchain-ai langchainjs up to 0.2.18 getFullPath path traversal

Inserito da Angelo Barbosa | Ott 29, 2024 | CVE

A vulnerability was found in langchain-ai langchainjs up to 0.2.18. It has been declared as critical. Affected by this vulnerability is the function getFullPath. The manipulation leads to path traversal: ‘..filename’.

This vulnerability is known as CVE-2024-7774. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-7774 | langchain-ai langchainjs up to 0.2.18 getFullPath path traversal

Post correlati

CVE-2024-34957 | idcCMS 1.35 sysImages_deal.php cross-site request forgery

CVE-2024-40476 | SourceCodester Best House Rental Management System 1.0 Delete Tenant Action ajax.php cross-site request forgery

CVE-2024-41088 | Linux Kernel up to 6.1.96/6.6.36/6.9.7 mcp251xfd mcp251xfd_start_xmit infinite loop

CVE-2024-34750 | Apache Tomcat up to 9.0.89/10.1.24/11.0.0-M20 HTTP/2 Stream exceptional condition