CVE-2023-46229

Published: 19 Oct 2023
Source: redhat
CVSS3: 8.8

Description

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

A Server-Side Request Forgery (SSRF) flaw was found in the LangChain package due to a lack of restriction enforcement on specific internet addresses. This flaw could allow an attacker to access local services, conduct port scans, retrieve instance metadata, or interact with local network resources.

Report

No Red Hat products are impacted by this vulnerability as the affected package version is not used.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-service-api-rhel9 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel9 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-dellemc-openmanage-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel9 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/lightspeed-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/ansible-dev-tools-rhel8 | Not affected | | |

Additional information

Status: Important
Defect: CWE-918
CVSS3: 8.8 High

Related vulnerabilities

CVSS3: 8.8
nvd
more than 2 years ago

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

CVSS3: 8.8
github
more than 2 years ago

LangChain Server Side Request Forgery vulnerability
