Количество 2
Количество 2
CVE-2025-65106
LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.
GHSA-6qv9-48xg-fc7f
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-65106 LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7. | 0% Низкий | 3 месяца назад | |
| GHSA-6qv9-48xg-fc7f LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу