ID | CVE-2024-7774 | ||||||
Sažetak | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. | ||||||
Reference | |||||||
CVSS |
|
||||||
Pristup |
|
||||||
Impact |
|
||||||
CVSS vektor | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | ||||||
Zadnje važnije ažuriranje | 29-10-2024 - 14:34 | ||||||
Objavljeno | 29-10-2024 - 13:15 |