The vulnerability arises from the FAISS.deserialize_from_bytes function, which deserializes data using Python's pickle module. Pickle deserialization is inherently unsafe when handling untrusted data, as it can execute arbitrary code. An attacker can craft a malicious serialized object that, when deserialized, executes arbitrary commands on the host system. This can lead to severe consequences, including remote code execution.

An attacker crafts a malicious serialized object using Python's pickle module. This object is designed to execute a command, such as making a network request or running a shell command. The attacker then base64 encodes this serialized object and provides it to a victim who uses the FAISS.deserialize_from_bytes function to deserialize it. Upon deserialization, the malicious code is executed, allowing the attacker to run arbitrary commands on the victim's system.

Users of the langchain-ai/langchain library who utilize the FAISS.deserialize_from_bytes function to deserialize data are affected. This includes developers and applications that rely on this function to handle serialized data.