Langroid Allows XXE Injection via XMLToolMessage
A LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information.
Advisories for Pypi/Langroid package
2025