 1  info:
 2    name: langchain
 3    cve: CVE-2023-32786
 4    summary: Langchain Server-Side Request Forgery vulnerability
 5    details: |
 6      In Langchain before 0.0.329, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
 7    cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 8    severity: HIGH
 9    security_advise: |
10      1. Upgrade to langchain>=0.0.329
11      2. Implement strict input validation to prevent prompt injection
12      3. Monitor and restrict outbound network requests from the application
13  rule: version < "0.0.329"
14  references:
15    - https://nvd.nist.gov/vuln/detail/CVE-2023-32786
16    - https://github.com/langchain-ai/langchain/pull/12747
17    - https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
18    - https://github.com/langchain-ai/langchain
19    - https://github.com/langchain-ai/langchain/releases/tag/v0.0.329