Jr61-Star

**Name of the Vulnerable Software and Affected Versions** langchain-ai version 0.3.51 **Description** langchain-ai version 0.3.51 contains an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. The supplier disputes the code-execution claim, stating the issue arises from user-written code that does not follow LangChain security practices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.