AVID-2026-R1283
Description
Vulnerability CVE-2023-46229
Details
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
Reason for inclusion in AVID: CVE-2023-46229 describes an SSRF vulnerability in LangChain (before 0.0.317) affecting its document_loaders/recursive_url_loader, enabling an attacker to crawl from an external server to internal resources. LangChain is an AI framework used to build AI systems, pipelines, and tooling, so this is a vulnerability in a software component commonly used to build/run general-purpose AI systems. It is a security vulnerability with potential impact on AI software stacks. The report provides explicit evidence (CVE entry, PR link, commit) supporting the claim.
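The defensive check implied by the description above, as an added example (not LangChain's own code or its fix): before a recursive loader follows a discovered link, keep the crawl on the origin of the user-supplied start URL and refuse literal loopback, private and link-local addresses, so an external page cannot steer the crawler to an internal server. The names START_URL, SAMPLE_LINKS, may_follow and filter_links are constructed for this example; a hostname that resolves to an internal address is not caught by the literal-IP check and must be re-checked after DNS resolution.

```python
from ipaddress import ip_address
from urllib.parse import urljoin, urlparse

START_URL = "https://docs.example.com/start"  # constructed sample start page

# Constructed sample of links a crawler might discover on that page.
SAMPLE_LINKS = [
    "/guide/page2",                              # same origin: allowed
    "https://docs.example.com/api?v=2",          # same origin: allowed
    "https://other.example.com/",                # different host: blocked
    "http://127.0.0.1:8080/admin",               # loopback: blocked
    "http://169.254.169.254/latest/meta-data/",  # link-local metadata: blocked
    "http://10.0.0.5/internal",                  # private range: blocked
    "javascript:void(0)",                        # non-HTTP scheme: blocked
]


def is_internal_host(host: str) -> bool:
    """True for 'localhost' or a literal IP in a loopback/private/link-local range.
    Only literal addresses are checked; DNS names need a post-resolution check."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ip_address(host)
    except ValueError:
        return False  # a DNS name, not a literal address
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved


def may_follow(start_url: str, link: str) -> bool:
    """Decide whether a recursive crawl rooted at start_url may fetch link."""
    start = urlparse(start_url)
    target = urlparse(urljoin(start_url, link))  # resolve relative links first
    if target.scheme not in ("http", "https"):
        return False
    # Stay on the origin the user pointed the loader at (scheme + host + port).
    if (target.scheme, target.netloc.lower()) != (start.scheme, start.netloc.lower()):
        return False
    # Second layer: never fetch internal addresses even when they match the origin.
    return not is_internal_host(target.hostname or "")


def filter_links(start_url: str, links: list[str]) -> list[str]:
    """Return the absolute URLs from links that the crawler is permitted to follow."""
    return [urljoin(start_url, link) for link in links if may_follow(start_url, link)]


if __name__ == "__main__":
    for url in filter_links(START_URL, SAMPLE_LINKS):
        print("allowed:", url)
```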
References
- NVD entry
- https://github.com/langchain-ai/langchain/pull/11925
- https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-10-19
- Version: 0.3.3
- AVID Entry