PT-2023-29915 · Langchain · Langchain

Published 2023-10-18 · Updated 2026-03-08 · CVE-2023-46229

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LangChain versions prior to 0.0.317

Description

The issue allows Server-Side Request Forgery (SSRF) via the document_loaders/recursive_url_loader.py module. This occurs because crawling can proceed from an external server to an internal server. The vulnerability is being actively exploited.

Recommendations

For versions prior to 0.0.317, update to version 0.0.317 or later to resolve the issue. As a temporary workaround, consider restricting access to the document_loaders/recursive_url_loader.py module to minimize the risk of exploitation.
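
An added example, not LangChain's code and not the 0.0.317 patch: a link filter for a recursive crawler that refuses the external-to-internal hop described above. The same-host policy, the function names, the `resolve` parameter and all sample hosts and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

# Constructed sample data so the example runs offline.
SAMPLE_DNS = {"docs.example.com": {"93.184.216.34"}}
SAMPLE_LINKS = [
    "/guide",                                    # same host, relative
    "page2.html",                                # same host, relative
    "http://169.254.169.254/latest/meta-data/",  # link-local metadata address
    "http://127.0.0.1:8080/admin",               # loopback
    "https://other.example.net/x",               # different host
    "file:///etc/passwd",                        # non-HTTP scheme
]


def resolve_host(host):
    """Default resolver: every address the host name maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_internal(address):
    """True for loopback, private, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return not ip.is_global


def allowed_links(page_url, hrefs, resolve=resolve_host):
    """Links a crawl started at page_url may follow: http(s) only, same host
    as the start page, and that host resolves only to public addresses."""
    start_host = urlsplit(page_url).hostname
    kept = []
    for href in hrefs:
        target = urlsplit(urljoin(page_url, href))
        if target.scheme not in ("http", "https") or target.hostname != start_host:
            continue
        try:
            addresses = resolve(target.hostname)
        except OSError:
            continue  # unresolvable host: do not fetch
        if addresses and not any(is_internal(a) for a in addresses):
            kept.append(target.geturl())
    return kept
```

The address check runs even for same-host links, so a start host whose name resolves to an internal address is rejected as well.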

Fix

RCE

SSRF


Weakness Enumeration

Related Identifiers

CVE-2023-46229
GHSA-655W-FM8M-M478
PYSEC-2023-205

Affected Products

Langchain