Sch227

**Name of the Vulnerable Software and Affected Versions** Langroid versions prior to 0.53.15 **Description** The issue concerns Langroid, a Python framework for building large language model (LLM)-powered applications. In versions prior to 0.53.15, the `TableChatAgent` uses `pandas eval()`, which may be vulnerable to code injection if fed untrusted user input, such as in public-facing LLM applications. Langroid 0.53.15 addresses this by sanitizing input to `TableChatAgent` by default and adding warnings about risky behavior in the project documentation. **Recommendations** For versions prior to 0.53.15, update to version 0.53.15 to sanitize input to `TableChatAgent` and prevent code injection vulnerabilities. As a temporary workaround, consider disabling the use of `pandas eval()` in `TableChatAgent` until a patch is available. Restrict access to `TableChatAgent` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Langroid versions prior to 0.53.15 **Description** The issue concerns the use of pandas eval() through the `compute from docs()` function in the `LanceDocChatAgent` component. This allows an attacker to potentially run malicious commands, compromising the host system. The `QueryPlan.dataframe calc` is also implicated in this issue. **Recommendations** For versions prior to 0.53.15, consider disabling the `LanceDocChatAgent` component or restricting its use until the issue is resolved. As a temporary workaround, avoid using the `compute from docs()` function and the `QueryPlan.dataframe calc` to minimize the risk of exploitation. Update to version 0.53.15 or later, which sanitizes input to the affected function by default and includes warnings about risky behavior in the project documentation.

**Name of the Vulnerable Software and Affected Versions** setuptools versions prior to 78.1.1 **Description** A path traversal vulnerability in `PackageIndex` was found in setuptools. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. **Recommendations** Update setuptools to version 78.1.1 or later to fix the vulnerability. For Debian 11 bullseye, update to version 52.0.0-4+deb11u2 or later. For other distributions, follow the recommended update instructions.

**Name of the Vulnerable Software and Affected Versions** Langroid versions prior to 0.53.4 **Description** A LLM application leveraging the `XMLToolMessage` class may be exposed to untrusted XML input, potentially resulting in Denial of Service (DoS) and/or exposing local files with sensitive information. The `XMLToolMessage` class uses `lxml` without safeguards, making it vulnerable to quadratic blowup attacks and allowing the processing of external entity declarations for local files by default. **Recommendations** For versions prior to 0.53.4, update to version 0.53.4 to fix the issue. As a temporary workaround, consider disabling the use of the `XMLToolMessage` class until the update is applied. Restrict access to the `lxml` library to minimize the risk of exploitation. Avoid using the `XMLToolMessage` class with untrusted XML input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Puncia versions prior to 0.21 **Description** The issue arises from `API URLS` utilizing HTTP instead of HTTPS for communication, leading to potential issues like Eavesdropping, Data Tampering, Unauthorized Data Access, and MITM Attacks. **Recommendations** For versions prior to 0.21, upgrade to release version 0.21 to address the issue by using HTTPS instead of HTTP connections. At the moment, there is no information about other workarounds for this issue.