CNNVD-202511-2427 Information
CNNVD ID
CNNVD-202511-2427
Related CVE
-
CNNVD Published: 2025-11-21
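Description (translated from Chinese)
LangChain is an open-source framework from LangChain for developing applications powered by large language models (LLMs). LangChain versions 0.3.79 and earlier, and versions 1.0.0 through 1.0.6, contain a security vulnerability that stems from template injection and may lead to access to Python object internals.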
Description (English)
LangChain is an open-source framework from LangChain for developing applications powered by large language models (LLMs). LangChain 0.3.79 and earlier, and 1.0.0 through 1.0.6, contain a security vulnerability that originates from template injection and may lead to access to the internals of Python objects.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
LangChain
Published
2025-11-21
Last Modified
2026-02-24
References
https://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a
https://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00
https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f
Patch
https://github.com/langchain-ai/langchain/releases