CVE-2024-3571

Name of the Vulnerable Software and Affected Versions langchain-ai/langchain (affected versions not specified)

Description langchain-ai/langchain is susceptible to a path traversal issue stemming from insufficient restriction of pathnames within its LocalFileStore functionality. This allows attackers to potentially read or write files to arbitrary locations on the filesystem, which could result in information disclosure or remote code execution. The vulnerability resides in the mset and mget methods, where user-supplied input is not adequately sanitized, enabling directory traversal sequences to access unintended directories.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.