We use cookies to improve your experience on our site.
AVID-2026-R0016
Description
Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain (CVE-2024-10940)
Details
A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate’s (and by extension langchain_core.prompts.ChatPromptTemplate’s) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.
References
- NVD entry
- https://huntr.com/bounties/be1ee1cb-2147-4ff4-a57b-b6045271cf27
- https://github.com/langchain-ai/langchain/commit/c1e742347f9701aadba8920e4d1f79a636e50b68
Affected or Relevant Artifacts
- Developer: langchain-ai
- Deployer: langchain-ai
- Artifact Details:
| Type | Name |
|---|---|
| System | langchain-ai/langchain |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.0 |
| Vector String | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Base Score | 5.3 |
| Base Severity | 🟠 Medium |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | 🟢 Low |
| Integrity Impact | NONE |
| Availability Impact | NONE |
CWE
| ID | Description |
|---|---|
| CWE-497 | CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2025-03-20
- Version: 0.3.1
- AVID Entry