CNNVD-202506-2957 Information
CNNVD ID
CNNVD-202506-2957
Related CVE
- CNNVD Published: 2025-06-23
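Description (translated from Chinese)
LangChain is an open-source framework from LangChain for developing applications powered by large language models (LLMs). LangChain version 0.0.27 contains a code issue vulnerability, which stems from the RequestsToolkit component not restricting request addresses and may lead to server-side request forgery.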
Description (English)
LangChain is an open-source framework from LangChain for developing applications powered by large language models (LLMs). LangChain version 0.0.27 has a code issue vulnerability: the RequestsToolkit component does not restrict the address of the request, which may lead to server-side request forgery (SSRF).
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
LangChain
Published
2025-06-23
Last Modified
2026-02-24
References
https://github.com/langchain-ai/langchain/commit/e188d4ecb085d4561a0be3c583d26aa9c2c3283f
https://huntr.com/bounties/8f771040-7f34-420a-b96b-5b93d4a99afc
https://access.redhat.com/security/cve/cve-2025-2828
Patch
https://github.com/langchain-ai/langchain/releases