CVE-2023-32786: Langchain Server-Side Request Forgery vulnerability

October 20, 2023 (updated October 27, 2023)

In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

References

gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
github.com/advisories/GHSA-6h8p-4hx9-w66c
nvd.nist.gov/vuln/detail/CVE-2023-32786

Detect and mitigate CVE-2023-32786 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →