CNNVD-202512-4029 Information
CNNVD ID
CNNVD-202512-4029
Related CVE
- CNNVD Published: 2025-12-23
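Description (Chinese, translated)
LangChain is an open-source framework from LangChain for developing applications powered by large language models (LLMs). LangChain versions before 0.3.81 and before 1.2.5 contain a code issue vulnerability that stems from serialization injection and may lead to arbitrary code execution during deserialization.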
Description (English)
LangChain is an open-source framework from LangChain for developing applications powered by large language models (LLMs). LangChain versions before 0.3.81 and versions before 1.2.5 have a code issue vulnerability, which stems from serialization injection and could lead to arbitrary code execution during deserialization.
Hazard Level
Low
Vulnerability Type
Code issue
Affected Vendor
LangChain
Published
2025-12-23
Last Modified
2026-02-24
References
https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6
https://github.com/langchain-ai/langchain/pull/34455
https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm
https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81
https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8
https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5
https://github.com/langchain-ai/langchain/pull/34458
https://cxsecurity.com/issue/WLB-2026010017
Patch
https://github.com/langchain-ai/langchainjs/releases