CNNVD-202507-3613 Information
CNNVD ID
CNNVD-202507-3613
Related CVE
- CNNVD Published: 2025-07-29
Description (Chinese)
LangChain是LangChain开源的一个用于开发由大型语言模型 (LLM) 提供支持的应用程序的框架。 LangChain v0.3.51版本存在安全漏洞,该漏洞源于GmailToolkit组件存在间接提示注入,可能导致执行任意代码。
Description (English)
LangChain is a framework for the development of applications supported by the Large Language Model (LLM) at the LangCain Open Source. There is a security loophole in version Langchain v. 0.3.51, which stems from the indirect injection of the GmailToolkit component, which could lead to the implementation of any code.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
LangChain
Published
2025-07-29
Last Modified
2026-02-24
References
https://github.com/langchain-ai/langchain-community/issues/217#issuecomment-3144824471 https://github.com/langchain-ai/langchain/issues/30833 https://github.com/Jr61-star/CVEs/blob/main/CVE-2025-46059.md https://python.langchain.com/docs/security/
Patch
https://github.com/langchain-ai/langchain/releases
Share on: