CNNVD-202506-3678 Information

CNNVD ID

CNNVD-202506-3678

Related CVE

CVE-2025-6854

• CNNVD Published: 2025-06-29

Description (Chinese)

LangChain-Chatchat是Chatchat-Space开源的一个基于LangChain框架开发的聊天机器人软件。 Langchain-Chatchat 0.3.1及之前版本存在路径遍历漏洞，该漏洞源于对文件/v1/files?purpose=assistants的错误操作导致路径遍历。

Description (English)

LangChain-Chatchat is a chat robot software based on the LangChain framework developed by the Chatchat-Space Open Source. Langchain-Chatchat 0.3.1 and previous versions have path-to-path loopholes, which stem from the error of the file/v1/files?purpose=assistants.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Chatchat-Space

Published

2025-06-29

Last Modified

2026-02-24

References

https://github.com/chatchat-space/Langchain-Chatchat/issues/5353 https://vuldb.com/?submit.601161 https://vuldb.com/?id.314326 https://vuldb.com/?ctiid.314326 https://access.redhat.com/security/cve/cve-2025-6854