Security Advisories

CVE-2024-7774

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-7774

CGA ID

CGA-pmgr-vj55-v49h

Severity

9.1

Critical

CVSS V3

Description

A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the setFileContent, getParsedFile, and mdelete methods, which do not properly sanitize user input.
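A containment check of the kind whose absence the description points to, as an added example that is not langchainjs code and not the project's fix. It assumes a file-backed store that maps a caller-supplied key to a path under one root directory; `resolveInside`, `classify`, the root `/srv/store` and the sample keys are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical helper, not taken from langchainjs.
const path = require('node:path');

// Map a caller-supplied key to a path under rootDir, or throw.
// Every read, write and delete in the store would go through this one function.
function resolveInside(rootDir, key) {
  if (typeof key !== 'string' || key.length === 0 || key.includes('\0')) {
    throw new Error('invalid key');
  }
  const root = path.resolve(rootDir);
  // resolve() collapses "." and ".." segments; an absolute key replaces root.
  const candidate = path.resolve(root, key);
  // relative() is the walk from root to candidate. A leading ".." segment,
  // or an absolute result (other drive on Windows), means the key left root.
  const rel = path.relative(root, candidate);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (rel === '' || escapes) {
    throw new Error('key escapes store root');
  }
  return candidate;
}

// Constructed sample keys: the first three stay inside the root.
const SAMPLE_KEYS = [
  'notes/a.txt',     // plain nested key
  'a/../b.txt',      // ".." that stays inside the root
  '..foo.txt',       // starts with dots but is an ordinary file name
  '../outside.txt',  // climbs out of the root
  'a/../../x.txt',   // climbs out after a detour
  '/tmp/abs.txt',    // absolute path replaces the root
  '.',               // the root itself, not a file
  'a\0.txt',         // embedded NUL byte
];

function classify(rootDir, keys) {
  return keys.map((key) => {
    try {
      resolveInside(rootDir, key);
      return 'ok';
    } catch (err) {
      return 'rejected';
    }
  });
}

console.log(classify('/srv/store', SAMPLE_KEYS).join(','));
```

The check is lexical only: a symbolic link inside the root can still point outside it, so a store that allows links also needs to compare `fs.realpath` results before opening the file.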

References

  • https://images.chainguard.dev/security/CGA-pmgr-vj55-v49h

Affected packages


© 2024 Chainguard. All Rights Reserved.