Vladimirelitokarev

**Name of the Vulnerable Software and Affected Versions** protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 **Description** protobufjs allows certain schema option paths to traverse inherited object properties during option application. A crafted protobuf schema or JSON descriptor can cause option handling to write to properties on global JavaScript constructors, corrupting built-in process-wide functionality. This can lead to a persistent denial of service for the lifetime of the affected process. The issue affects applications that parse or load protobuf schemas or descriptors from untrusted sources using reflection APIs such as `parse()`, `Root.load()`, `Root.loadSync()`, or `Root.fromJSON()`. Applications using bundled or trusted schemas to decode untrusted payloads are not directly affected. **Recommendations** Update to version 7.5.6. Update to version 8.0.2. Avoid parsing or loading protobuf schemas or JSON descriptors from untrusted sources. Validate or reject option names containing unsafe property path components before loading them. Run schema processing in an isolated process.

**Name of the Vulnerable Software and Affected Versions** protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 **Description** protobufjs uses plain objects with inherited prototypes for internal type lookup tables within generated encode and decode functions. If `Object.prototype` is polluted, these lookup tables may resolve attacker-controlled inherited properties as valid protobuf type information, potentially causing attacker-controlled strings to be emitted into generated JavaScript code. This can lead to arbitrary JavaScript execution if an attacker can first trigger a prototype pollution vulnerability. Prototype pollution is a technique where an attacker manipulates the prototype of a base object to inject properties that are inherited by other objects. **Recommendations** Update to version 7.5.6. Update to version 8.0.2. Remove or mitigate reachable prototype pollution primitives and isolate schema or message processing from untrusted application state.

**Name of the Vulnerable Software and Affected Versions** Dgraph versions prior to 25.3.3 **Description** An issue exists in Dgraph that allows an unauthenticated attacker to gain full read access to all data in the database. This occurs in the default configuration where Access Control Lists (ACL) are disabled. The flaw is a DQL injection located in the `/mutate?commitNow=true` endpoint. By sending a crafted `cond` variable within an upsert mutation, an attacker can inject an additional DQL query block. This happens because the `cond` value is concatenated directly into a DQL query string via the `strings.Builder.WriteString` function after only a cosmetic transformation, without proper escaping, parameterization, or structural validation. The injected query executes on the server, and the results are returned in the HTTP response. Even when ACL is enabled, users with mutation-only permissions can use this method to bypass per-predicate ACL authorization. **Recommendations** Update to version 25.3.3. As a temporary workaround, enable ACL to restrict unauthenticated access to the `/mutate` endpoint.

**Name of the Vulnerable Software and Affected Versions** Dgraph versions prior to 25.3.3 **Description** An issue in Dgraph allows an unauthenticated attacker to gain full read access to all data in the database when the default configuration is used and Access Control Lists (ACL) are not enabled. The flaw is a DQL injection that occurs because the `Lang` field in JSON mutation keys is not validated. An attacker can exploit this by sending two HTTP POST requests to port 8080. First, they use the '/alter' endpoint to set up a schema predicate with `@unique`, `@index(exact)`, and `@lang`. Second, they send a crafted JSON mutation to the '/mutate?commitNow=true' endpoint. By including a DQL injection payload in the language tag position of a JSON key, the attacker can escape the `eq()` function and execute arbitrary named query blocks server-side. This process exploits the `addQueryIfUnique()` function in `edgraph/server.go`, which uses `fmt.Sprintf` to construct queries with the unsanitized `predicateName` variable, including the raw `pred.Lang` value. The results of the injected query are then returned in the HTTP response. **Recommendations** Update to version 25.3.3. As a temporary workaround, enable ACL to prevent unauthenticated access to the '/alter' and '/mutate' endpoints.

**Name of the Vulnerable Software and Affected Versions** Firebird versions prior to 5.0.4 Firebird versions prior to 4.0.7 Firebird versions prior to 3.0.14 **Description** The external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or dot-dot (..) components. An authenticated user with CREATE FUNCTION privileges can use a crafted `ENGINE` parameter to perform path traversal and load an arbitrary shared library from any location on the filesystem. The initialization code of the library executes immediately upon loading, before the system validates the module, allowing for code execution under the server's operating system account. **Recommendations** Update to version 5.0.4 Update to version 4.0.7 Update to version 3.0.14

**Name of the Vulnerable Software and Affected Versions** LangChain versions prior to 1.2.22 **Description** Multiple functions within `langchain core.prompts.loading` read files from paths embedded in deserialized configuration dictionaries without validating against absolute path injection or directory traversal (a technique used to access files and directories outside the intended folder). When an application passes user-influenced prompt configurations to the `load prompt()` or `load prompt from config()` endpoints, an attacker can read arbitrary files on the host filesystem. This access is limited by file-extension checks, where `.txt` is required for templates and `.json` or `.yaml` for examples. The affected internal functions include ` load template()`, ` load examples()`, and ` load few shot prompt()`. Specifically, the `template path`, `suffix path`, and `prefix path` variables are processed by ` load template()`, while the `examples` variable (when provided as a string) is processed by ` load examples()`, and the `example prompt path` variable is processed by ` load few shot prompt()`. **Recommendations** Update LangChain to version 1.2.22 or later. As a temporary mitigation, avoid using the `load prompt()` and `load prompt from config()` functions with untrusted user input. Migrate from the deprecated legacy APIs to the `dumpd`, `dumps`, `load`, and `loads` serialization APIs in `langchain core.load`.

**Name of the Vulnerable Software and Affected Versions** Grist versions prior to 1.7.9 **Description** Grist is spreadsheet software that utilizes Python as its formula language. When configured to run formulas in the Pyodide sandbox (`GRIST SANDBOX FLAVOR` set to `pyodide`), a crafted spreadsheet formula can escape the sandbox and execute arbitrary processes on the host server. This allows an attacker to run operating system commands and potentially access sensitive information like database credentials and API keys. The issue stems from the lack of a robust sandbox barrier within the Pyodide implementation on Node.js. **Recommendations** Versions prior to 1.7.9 should be updated to version 1.7.9 or later. As a workaround for versions prior to 1.7.9, set `GRIST SANDBOX FLAVOR` to `gvisor` to utilize the gvisor-based sandbox.

**Name of the Vulnerable Software and Affected Versions** n8n versions 1.0.0 through less than 2.0.0 **Description** n8n is an open source workflow automation platform. A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide, affecting versions from 1.0.0 up to, but not including, 2.0.0. An authenticated user with permission to create or modify workflows can exploit this issue to execute arbitrary commands on the host system running n8n, with the same privileges as the n8n process. This vulnerability, tracked as CVE-2025-68668, has a CVSS score of 9.9 (Critical). Workarounds include disabling the Code Node by setting the environment variable `NODES EXCLUDE` to "["n8n-nodes-base.code"]", disabling Python support in the Code node by setting the environment variable `N8N PYTHON ENABLED` to false (available in n8n version 1.104.0), and configuring n8n to use the task runner based Python sandbox via the `N8N RUNNERS ENABLED` and `N8N NATIVE PYTHON RUNNER` environment variables. The task runner-based Python implementation became the default starting with n8n version 2.0.0. **Recommendations** Upgrade to n8n version 2.0.0 or later. As a temporary workaround, disable the Code Node by setting the environment variable `NODES EXCLUDE` to "["n8n-nodes-base.code"]". As a temporary workaround, disable Python support in the Code node by setting the environment variable `N8N PYTHON ENABLED` to false. As a temporary workaround, configure n8n to use the task runner based Python sandbox via the `N8N RUNNERS ENABLED` and `N8N NATIVE PYTHON RUNNER` environment variables.

Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.3.81 and 1.2.5 Description: A serialization injection vulnerability exists in LangChain's `dumps()` and `dumpd()` functions. These functions do not properly escape dictionaries containing 'lc' keys when serializing data. The 'lc' key is used internally by LangChain to identify serialized objects. When user-controlled data includes this key structure, it is incorrectly treated as a legitimate LangChain object during deserialization instead of plain user data. This allows attackers to potentially extract sensitive information, such as environment variables, and potentially execute arbitrary code. The vulnerability is exploitable through prompt injection via LLM responses and can affect various components, including streaming operations and cached data. Recommendations: Upgrade to LangChain version 0.3.81 or 1.2.5 or later. If upgrading is not immediately possible, restrict deserialization to a predefined allowlist of trusted objects and disable automatic loading of secrets from environment variables. Treat all LLM outputs as untrusted data, especially when serialization or deserialization is involved.

**Name of the Vulnerable Software and Affected Versions** LangChain versions prior to 0.3.37 @langchain/core versions prior to 0.3.80 LangChain versions prior to 1.2.3 @langchain/core versions prior to 1.1.8 **Description** LangChain is a framework designed for building applications powered by Large Language Models (LLMs). A serialization issue exists in the `toJSON()` method of LangChain JS, impacting versions prior to 0.3.37 and 1.2.3 for LangChain, and prior to 0.3.80 and 1.1.8 for @langchain/core. This issue arises because the method does not properly escape objects containing 'lc' keys when serializing data using `JSON.stringify()`. The 'lc' key is used internally by LangChain to identify serialized objects. If user-supplied data includes this key structure, it may be incorrectly interpreted as a legitimate LangChain object during deserialization instead of being treated as plain user data. This could potentially lead to unauthorized access or manipulation of data. **Recommendations** Update to LangChain version 0.3.37 or later. Update to @langchain/core version 0.3.80 or later. Update to LangChain version 1.2.3 or later. Update to @langchain/core version 1.1.8 or later.