PT-2024-18682 · Langchain · Langchain

Bayuncao · Published 2024-03-01 · Updated 2024-05-17 · CVE-2024-2057

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LangChain langchain_community version 0.0.26; LangChain version 0.1.9

Description
A critical issue has been found in the load_local function of the TFIDFRetriever component, located in libs/community/langchain_community/retrievers/tfidf.py. The issue leads to server-side request forgery and can be exploited remotely. An exploit has been publicly disclosed.

Recommendations
For LangChain langchain_community version 0.0.26, upgrade to version 0.0.27, which addresses this issue. For LangChain version 0.1.9, consider disabling the load_local function in libs/community/langchain_community/retrievers/tfidf.py as a temporary workaround until a patch is available.
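The two recommendations above (upgrade to the fixed release, or disable load_local in the meantime) can be enforced at application start. The following is an added example, not code from the advisory or from the LangChain project: it compares the installed langchain_community version against 0.0.27 and, on an affected release, replaces the retriever class's load_local with a stub that refuses to run. The class name TFIDFRetriever and the method name load_local come from the advisory; the distribution name "langchain-community" and the FakeTFIDFRetriever stand-in used so the code runs offline are assumptions.

```python
"""Version gate and interim workaround for CVE-2024-2057 (added example, not the
advisory's or LangChain's own code). Only TFIDFRetriever / load_local are taken
from the advisory; the distribution name and the stand-in class are assumptions."""
from __future__ import annotations

import re
from importlib import metadata

# First langchain_community release the advisory names as containing the fix.
FIXED_VERSION = "0.0.27"
DIST_NAME = "langchain-community"  # PyPI distribution name (assumption)


def parse_version(text: str) -> tuple[int, ...]:
    """'0.0.26' -> (0, 0, 26); '0.0.26rc1' -> (0, 0, 26). Enough for a release gate."""
    parts: list[int] = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if match is None:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed release predates the release carrying the fix."""
    return parse_version(installed) < parse_version(fixed)


def installed_version(dist: str = DIST_NAME) -> str | None:
    """Installed version of the distribution, or None if it is not installed."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def disable_load_local(retriever_cls: type, reason: str) -> None:
    """Replace load_local with a stub that refuses to run (the advisory's interim workaround)."""
    def blocked(cls, *args, **kwargs):
        raise RuntimeError(f"{cls.__name__}.load_local disabled: {reason}")
    retriever_cls.load_local = classmethod(blocked)


def apply_workaround(retriever_cls: type, version: str | None) -> bool:
    """Disable load_local only on affected versions. Returns True if the stub was installed."""
    if version is None or not is_affected(version):
        return False
    disable_load_local(
        retriever_cls, f"CVE-2024-2057, installed {version} < fixed {FIXED_VERSION}"
    )
    return True


class FakeTFIDFRetriever:
    """Constructed stand-in for langchain_community's TFIDFRetriever so the demo runs offline."""
    @classmethod
    def load_local(cls, folder_path: str, **kwargs):
        return f"loaded from {folder_path}"


if __name__ == "__main__":
    # In a real deployment:
    #   from langchain_community.retrievers import TFIDFRetriever
    #   apply_workaround(TFIDFRetriever, installed_version())
    print(apply_workaround(FakeTFIDFRetriever, "0.0.26"))  # True: stub installed
```

Calling apply_workaround once at import time of the application is enough: any later TFIDFRetriever.load_local call on an affected version raises RuntimeError instead of loading the index, while installations at 0.0.27 or later are left untouched.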

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers
CVE-2024-2057
PYSEC-2024-278

Affected Products
Langchain