 1  info:
 2    name: langchain
 3    cve: CVE-2025-6855
 4    summary: Path traversal vulnerability in Langchain-Chatchat due to improper flag argument handling
 5    details: |
 6      The vulnerability affects chatchat-space Langchain-Chatchat versions up to 0.3.1. 
 7      It stems from improper handling of the `flag` argument in the `/v1/file` endpoint, 
 8      allowing attackers to perform path traversal attacks. This could lead to unauthorized 
 9      file access or potential code execution depending on the system configuration.
10    cvss: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
11    severity: HIGH
12    security_advise: |
13      1. Upgrade to Langchain-Chatchat version 0.3.2 or later
14      2. Implement strict input validation for the `flag` parameter
15      3. Restrict file system access permissions for the application
16  rule: version > "0" && version < "0.3.2"
17  references:
18    - https://nvd.nist.gov/vuln/detail/CVE-2025-6855
19    - https://github.com/chatchat-space/Langchain-Chatchat/issues/5354
20    - https://vuldb.com/?ctiid.314327
21    - https://vuldb.com/?id.314327
22    - https://vuldb.com/?submit.601162