CVE-2023-32786

HIGH

Langchain < 0.0.155 - Server-Side Request Forgery via Prompt Injection

Title source: llm

Description

In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

Scores

CVSS v3 7.5
EPSS 0.0059
EPSS Percentile 43.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-74
Status published
Products (2)
langchain/langchain < 0.0.155
pypi/langchain 0 - 0.0.329 (PyPI)
Published Oct 20, 2023
Tracked Since Feb 18, 2026