CVE-2024-7774 - Apache Langchain Path Traversal Vulnerability

3 weeks ago 11
ARTICLE AD BOX
CVE ID : CVE-2024-7774
Published : Oct. 29, 2024, 1:15 p.m. | 24 minutes ago
Description : A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article