CNNVD-202509-1788 Information

CNNVD ID

CNNVD-202509-1788

Related CVE

CVE-2025-9556

• CNNVD Published: 2025-09-12

Description (Chinese)

LangChain Go是Travis Cline个人开发者的一个用Go编写基于LLM的程序的简单框架。 LangChain Go 0.1.14版本存在安全漏洞，该漏洞源于支持include和extends语法读取文件，可能导致服务器端模板注入攻击。

Description (English)

LangChain Go is a simple framework for the LLM-based program that Travis Cline personal developers use to develop. The Langchain Go 0.1.14 version contains a security loophole that originates in support of include and extends syntax access to files, which could lead to the injection of server-end templates into attacks.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-12

Last Modified

2026-02-24

References

https://github.com/tmc/langchaingo/pull/1348 https://github.com/tmc/langchaingo/security/advisories/GHSA-mgcj-g55g-rf6h https://access.redhat.com/security/cve/cve-2025-9556