GHSA-wwqv-p2pp-99h5: LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
Prior to langgraph-checkpoint version 3.0 , LangGraph’s JsonPlusSerializer (used as the default serialization protocol for all checkpointing) contains a remote code execution (RCE) vulnerability when deserializing payloads saved in the "json" serialization mode.
If an attacker can cause your application to persist a payload serialized in this mode, they may be able to also send malicious content that executes arbitrary Python code during deserialization.
Upgrading to version langgraph-checkpoint 3.0 patches this vulnerability by preventing deserialization of custom objects saved in this mode.
If you are deploying in langgraph-api, any version 0.5 or later is also free of this vulnerability.
References
- github.com/advisories/GHSA-wwqv-p2pp-99h5
- github.com/langchain-ai/langgraph
- github.com/langchain-ai/langgraph/blob/c5744f583b11745cd406f3059903e17bbcdcc8ac/libs/checkpoint/langgraph/checkpoint/serde/jsonplus.py
- github.com/langchain-ai/langgraph/commit/c5744f583b11745cd406f3059903e17bbcdcc8ac
- github.com/langchain-ai/langgraph/releases/tag/checkpoint%3D%3D3.0.0
- github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5
Code Behaviors & Features
Detect and mitigate GHSA-wwqv-p2pp-99h5 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →