CNNVD-202506-3679 Information

CNNVD ID

CNNVD-202506-3679

Related CVE

CVE-2025-6853

• CNNVD Published: 2025-06-29

Description (Chinese)

LangChain-Chatchat是Chatchat-Space开源的一个基于LangChain框架开发的聊天机器人软件。 LangChain-Chatchat 0.3.1及之前版本存在路径遍历漏洞，该漏洞源于对文件/knowledge_base/upload_temp_docs中参数flag的错误操作导致路径遍历。

Description (English)

LangChain-Chatchat is a chat robot software based on the LangChain framework developed by the Chatchat-Space Open Source. LangChain-Chatchat 0.3.1 and previous versions have path-to-path loopholes, which stem from the error in the application of the parameter flag in file/knowledge base/upload temp docs.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Chatchat-Space

Published

2025-06-29

Last Modified

2026-02-24

References

https://github.com/chatchat-space/Langchain-Chatchat/issues/5352 https://vuldb.com/?ctiid.314325 https://vuldb.com/?submit.601155 https://vuldb.com/?id.314325 https://access.redhat.com/security/cve/cve-2025-6853