
Rharang

#36275 of 53,633
7.5 CVSS total
Vulnerabilities · 1
PT-2023-24019
7.5
2023-10-20
Langchain · Langchain · CVE-2023-32786
**Name of the Vulnerable Software and Affected Versions**

Langchain versions 0.0.0 through 0.0.155

Langchain versions prior to 0.0.329

**Description**

The issue allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing Server-Side Request Forgery (SSRF) and potentially injecting content into downstream tasks. This is achieved through prompt injection.

**Recommendations**

For versions 0.0.0 through 0.0.155, update to version 0.0.329 or later.

For versions prior to 0.0.329, update to version 0.0.329 or later.

As a temporary workaround, consider restricting the ability to inject prompts that force the service to retrieve data from arbitrary URLs until a patch is available.