Name of the Vulnerable Software and Affected Versions langchainjs version 0.2.5

Description A path traversal issue exists, allowing attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. This is exploited through the setFileContent, getParsedFile, and mdelete methods, which do not properly sanitize user input, specifically through the getFullPath method.

Recommendations For version 0.2.5, consider disabling the getFullPath method until a patch is available, and restrict access to the setFileContent, getParsedFile, and mdelete methods to minimize the risk of exploitation. Avoid using these methods with unsanitized user input until the issue is resolved.