CVE-2024-2057 Information

Description

A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255372.

Reference

https://vuldb.com/?id.255372 https://vuldb.com/?ctiid.255372 https://github.com/bayuncao/vul-cve-16 https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl