GHSA-6h8p-4hx9-w66c: Langchain Server-Side Request Forgery vulnerability
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
High severity • GitHub Reviewed • Published Oct 21, 2023 to the GitHub Advisory Database • Updated Oct 24, 2023
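One way to constrain a URL that a model-driven chain produced before the service fetches it, shown as an added example (not LangChain's code and not the project's fix). The names `check_model_url` and `ALLOWED_HOSTS`, the host `api.example.com` and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: the only host this application intends the chain to call.
ALLOWED_HOSTS = {"api.example.com"}


def _resolve(host):
    """Return every IP address the host name currently resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_model_url(url, allowed_hosts=ALLOWED_HOSTS, resolve=_resolve):
    """Return (ok, reason) for a model-generated URL, before any request is made."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
        parts.port  # accessing .port raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "scheme not allowed"
    # Userinfo lets "https://allowed-host@other-host/" look like an allowed host.
    if parts.username or parts.password:
        return False, "userinfo not allowed"
    # Exact match only: suffix or substring checks accept look-alike domains.
    if host is None or host.rstrip(".") not in allowed_hosts:
        return False, "host not on allowlist"
    # An allowlisted name must not resolve to loopback, link-local or private ranges.
    for addr in resolve(host):
        if not ipaddress.ip_address(addr).is_global:
            return False, "resolves to non-public address"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample URLs; the resolver is stubbed so the demo runs offline.
    public = lambda host: {"93.184.216.34"}
    for candidate in (
        "https://api.example.com/v1/items?q=1",
        "http://169.254.169.254/latest/meta-data/",
        "https://api.example.com@169.254.169.254/",
        "https://api.example.com.other.example/v1/items",
    ):
        print(candidate, "->", check_model_url(candidate, resolve=public))
```

The check only helps if the fetch that follows does not follow redirects and connects to the address that was validated, since a redirect or a second DNS lookup can point somewhere else.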
Related news
CVE-2023-32786: Markdown export of a Jupyter notebook demonstrating the abuse of LangChain's APIChain module to access arbitrary URLs