DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-7042

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-7042

CGA ID

CGA-g5qx-w4mx-rh8r

Severity

9.8

Critical

CVSS V3

Description

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

References

  • https://images.chainguard.dev/security/CGA-g5qx-w4mx-rh8r

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images