
Jacoblee93

#27889 of 53,624
9.1 Total CVSS
Vulnerabilities · 1
PT-2024-38570
9.1
2024-10-29
Langchain Ai · Langchainjs · CVE-2024-7774
**Name of the Vulnerable Software and Affected Versions**
langchain-ai/langchainjs version 0.2.5

**Description**
A path traversal issue exists in the `getFullPath` method, allowing attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The issue is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.

**Recommendations**
For version 0.2.5, consider disabling the `getFullPath`, `setFileContent`, `getParsedFile`, and `mdelete` methods until a patch is available to prevent exploitation. Restrict access to these methods to minimize the risk of attackers saving, overwriting, reading, or deleting files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.