Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-f2jm-rw3h-6phg: LangChain pickle deserialization of untrusted data

A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.10.

ghsa
#vulnerability#git

LangChain pickle deserialization of untrusted data

Moderate severity GitHub Reviewed Published Sep 17, 2024 to the GitHub Advisory Database • Updated Sep 17, 2024

ghsa: Latest News

GHSA-qr9h-j6xg-2j72: Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests