Unknown · Langchain-Chatchat · CVE-2025-6853
Name of the Vulnerable Software and Affected Versions:
Langchain-Chatchat versions up to 0.3.1
Description:
A critical vulnerability has been found in Langchain-Chatchat, affecting the `upload_temp_docs` function behind the `/knowledge_base/upload_temp_docs` endpoint of the Backend component. A crafted value for the `flag` argument is carried into a filesystem path, leading to path traversal; the attack can be launched remotely, without local access. The exploit has been publicly disclosed and may be used.
Recommendations:
For versions up to 0.3.1, consider disabling the `upload_temp_docs` function until a patch is available, since temporary-document upload is the only code path the advisory names.
Restrict network access to the `/knowledge_base/upload_temp_docs` endpoint (for example, bind the API to localhost or place it behind an authenticating reverse proxy) to minimize the risk of exploitation.
Do not rely on clients omitting the `flag` argument: it is attacker-controlled. Until the issue is resolved, validate it server-side by rejecting path separators and `..` components and confirming that the resolved path stays inside the intended temporary directory.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
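The example below is added to this advisory to illustrate the traversal pattern described above and the server-side validation the recommendations call for; it is not Langchain-Chatchat's own code. It assumes a hypothetical handler that derives a per-session temporary directory from a request argument named `flag` (the name taken from this advisory), an assumed base directory under the system temp dir, an assumed identifier policy of `[A-Za-z0-9_-]{1,64}`, and Python 3.9 or later for `Path.is_relative_to`.

```python
# Added illustration of CVE-2025-6853's vulnerability class; not project code.
# Assumptions (not from the advisory): the argument "flag" is joined into a
# temp directory path, BASE_TEMP_DIR lives under the system temp dir, and
# identifiers must match _ID_RE. Requires Python 3.9+ (Path.is_relative_to).
import os
import re
import tempfile
from pathlib import Path

# Hypothetical base directory for temporary knowledge-base uploads.
BASE_TEMP_DIR = Path(tempfile.gettempdir()) / "chatchat_temp"

# Hypothetical whitelist: identifiers that look like generated session IDs.
_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def vulnerable_temp_dir(flag: str) -> Path:
    """Vulnerable pattern: the request argument is joined into the path unchecked.

    os.path.join discards BASE_TEMP_DIR entirely when `flag` is absolute, and
    "../" components walk out of it otherwise.
    """
    return Path(os.path.join(BASE_TEMP_DIR, flag))


def escapes_base(path: Path) -> bool:
    """True if `path` resolves outside BASE_TEMP_DIR (demonstrates the escape)."""
    return not path.resolve().is_relative_to(BASE_TEMP_DIR.resolve())


def safe_temp_dir(flag: str) -> Path:
    """Hardened form: whitelist the identifier, then confirm the resolved path
    is still inside BASE_TEMP_DIR before touching the filesystem.

    The second check also catches symlinked entries that point outside the base.
    """
    if not _ID_RE.fullmatch(flag):
        raise ValueError(f"invalid temp dir id: {flag!r}")
    base = BASE_TEMP_DIR.resolve()
    target = (base / flag).resolve()
    if not target.is_relative_to(base):
        raise ValueError("temp dir escapes base directory")
    return target


def save_upload(flag: str, filename: str, data: bytes) -> Path:
    """Write an uploaded file under the validated temp dir.

    The client-supplied filename is reduced to its basename so that it cannot
    traverse either; empty and dot-only names are rejected.
    """
    directory = safe_temp_dir(flag)
    directory.mkdir(parents=True, exist_ok=True)
    name = os.path.basename(filename)
    if name in ("", ".", ".."):
        raise ValueError(f"invalid filename: {filename!r}")
    dest = directory / name
    dest.write_bytes(data)
    return dest


if __name__ == "__main__":
    # Constructed attacker input: walks out of the temp dir toward /etc.
    traversal = "../../../../../../etc"
    bad = vulnerable_temp_dir(traversal)
    print("vulnerable ->", bad, "| escapes base:", escapes_base(bad))
    try:
        safe_temp_dir(traversal)
    except ValueError as exc:
        print("hardened   -> rejected:", exc)
    print("hardened   ->", safe_temp_dir("session_abc123"))
    print("saved      ->", save_upload("session_abc123", "../../evil.txt", b"hello"))
```

The whitelist alone would suffice for this argument, but the resolved-path check is kept because it is the control that survives future changes to the identifier format and defends against symlinks planted in the base directory.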