CNNVD-202509-421 Information
Sep 04, 2025
cve
CNNVD ID
CNNVD-202509-421
Related CVE
- CNNVD Published: 2025-09-04
Description (Chinese)
LangChain是LangChain开源的一个用于开发由大型语言模型 (LLM) 提供支持的应用程序的框架。 LangChain 0.3.63版本存在信息泄露漏洞,该漏洞源于XML解析不安全,可能导致敏感信息泄露。
Description (English)
LangChain is a framework for the development of applications supported by the Large Language Model (LLM) at the LangCain Open Source. The LangChain version 0.3.63 contains a leaking loophole, which stems from the XML resolution of insecurity and may lead to the disclosure of sensitive information.
Hazard Level
Medium
Vulnerability Type
信息泄露
Affected Vendor
LangChain
Published
2025-09-04
Last Modified
2026-02-24
References
https://huntr.com/bounties/a6b521cf-258c-41c0-9edb-d8ef976abb2a https://access.redhat.com/security/cve/cve-2025-6984
Patch
https://github.com/langchain-ai/langchain/releases
Share on: