Eyurtsev

**Name of the Vulnerable Software and Affected Versions** langchain-ai/langchain (affected versions not specified) **Description** langchain-ai/langchain is susceptible to a path traversal issue stemming from insufficient restriction of pathnames within its LocalFileStore functionality. This allows attackers to potentially read or write files to arbitrary locations on the filesystem, which could result in information disclosure or remote code execution. The vulnerability resides in the `mset` and `mget` methods, where user-supplied input is not adequately sanitized, enabling directory traversal sequences to access unintended directories. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LangChain (affected versions not specified) **Description** The issue concerns the XMLOutputParser in LangChain, which utilizes the etree module from the XML parser in the standard Python library. This library has some XML vulnerabilities, making it susceptible to a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS). This primarily affects users who combine a Large Language Model (LLM) or agent with the XMLOutputParser and expose the component via an endpoint on a web service, allowing a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** langchain versions prior to the version that includes the fix from https://github.com/langchain-ai/langchain/pull/15559 **Description** The issue arises when an attacker controls the contents of a website, such as `https://example.com`, and places a malicious HTML file with links to external sites, like `https://example.completely.different/my file.html`. Even with `prevent outside=True` set in the crawler configuration, the RecursiveUrlLoader would still download the file from the external site. This is due to the loader's behavior when encountering links in the HTML content. **Recommendations** For versions prior to the fix in https://github.com/langchain-ai/langchain/pull/15559, consider updating to a version that includes this fix to resolve the issue. As a temporary workaround, consider restricting the `url` parameter in the `RecursiveUrlLoader` to only allow links from trusted domains until a patch is available. Additionally, be cautious when using the `extractor` parameter with lambda functions that parse HTML content, as this could potentially lead to unintended downloads.