CVE-2024-2057 | Harrison Chase LangChain 0.1.9 tfidf.py load_local server-side request forgery

Posted by Angelo Barbosa | Mar 1, 2024 | CVE

A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2024-2057. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2024-2057 | Harrison Chase LangChain 0.1.9 tfidf.py load_local server-side request forgery

Related Posts

CVE-2024-29033 | oauthenticator prior 16.3.0 GoogleOAuthenticator.hosted_domain improper authorization

CVE-2023-6694 | Beaver Themer Plugin up to 1.4.9 on WordPress Shortcode cross site scripting

CVE-2024-49268 | sunburntkamel Disconnected Plugin up to 1.3.0 on WordPress cross site scripting

CVE-2023-7130 | code-projects College Notes Gallery 2.0 login.php user sql injection