DirectorySecurity Advisories
Sign In
Security Advisories

CGA-g5qx-w4mx-rh8r

Published

Last updated

https://images.chainguard.dev/security/CGA-g5qx-w4mx-rh8r
Package

kibana-8

Latest Update
Fixed
Fixed Version

8.16.1-r1

Aliases
  • CVE-2024-7042
  • GHSA-6m59-8fmv-m5f9

Severity

4.9

Medium

CVSS V3

Summary

@langchain/community SQL Injection vulnerability

Description

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation