CNNVD-202510-3957 Information
CNNVD ID
CNNVD-202510-3957
Related CVE
- CNNVD Published: 2025-10-29
Description (Chinese)
langchainlanggraph-checkpoint-sqlite是LangChain开源的一个数据库连接Python库。 langchainlanggraph-checkpoint-sqlite 2.0.11之前版本存在SQL注入漏洞,该漏洞源于使用直接字符串连接而未正确参数化,可能导致SQL注入攻击。
Description (English)
Langchainlangragrap-checkpoint-sqlite is a database connected to the Python Library, an open source in Langchain. langchainlangraph-checkpoint-sqlite 2.0.11 has an injection loophole in SQL, which arises from the use of direct string connections without the correct parameterization, which may lead to an SQL injection attack.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
LangChain
Published
2025-10-29
Last Modified
2026-02-24
References
https://github.com/langchain-ai/langgraph/security/advisories/GHSA-7p73-8jqx-23r8 https://github.com/langchain-ai/langgraph/commit/bc9d45b476101e441cb1cc602dea03eb29232de4 https://access.redhat.com/security/cve/cve-2025-64104
Patch
https://github.com/langchain-ai/langgraph/releases
Share on: