Medium osv · GHSA-f2jm-rw3h-6phg

LangChain pickle deserialization of untrusted data

Published Sep 17, 2024 CVSS 4.0

A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4.

Remote Code Execution

Affected AI Products

langchain-community

View original source

Get the weekly digest. Every Monday: top AI security stories of the week. Free.