CVE-2024-2965

Name of the Vulnerable Software and Affected Versions langchain-ai/langchain versions prior to 0.2.5 langchain-community versions prior to 0.2.5

Description A Denial-of-Service (DoS) issue exists in the SitemapLoader class due to the parse sitemap method lacking a mechanism to prevent infinite recursion when a sitemap URL refers to itself. This allows for an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python, which can occupy server resources and impact service availability.

Recommendations For langchain-ai/langchain versions prior to 0.2.5, update to version 0.2.5 or later. For langchain-community versions prior to 0.2.5, update to version 0.2.5 or later. As a temporary workaround, consider disabling the parse sitemap method in the SitemapLoader class until a patch is available.