CNNVD-202512-4021 Information

CNNVD ID

CNNVD-202512-4021

CVE-2025-68665

  • CNNVD Published: 2025-12-23

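Description (translated from Chinese)

LangChain is an open-source framework from LangChain for developing applications powered by large language models (LLMs). LangChain versions before 0.3.37 and versions before 1.2.3 contain a code issue vulnerability. The vulnerability stems from serialization injection and may lead to arbitrary code execution during deserialization.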

Description (English)

LangChain is an open-source framework from LangChain for developing applications powered by large language models (LLMs). Versions of LangChain before 0.3.37 and before 1.2.3 have a code issue vulnerability that stems from serialization injection, which may lead to the execution of arbitrary code during deserialization.

Hazard Level

Low

Vulnerability Type

Code issue

Affected Vendor

LangChain

Published

2025-12-23

Last Modified

2026-02-24

References

  • https://github.com/langchain-ai/langchainjs/commit/e5063f9c6e9989ea067dfdff39262b9e7b6aba62
  • https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcore%401.1.8
  • https://github.com/langchain-ai/langchainjs/releases/tag/langchain%401.2.3
  • https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-r399-636x-v7f6

Patch

https://github.com/langchain-ai/langchainjs/releases
