Medium

langchain

XSS via chat information tooltip

A pickle deserialization vulnerability in the FAISS.deserialize_from_bytes function of the latest version of the software allows attackers to execute arbitrary commands. This issue was patched in version 0.2.9.

Available publicly on Sep 17 2024

5.2

CVSS:

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

Credit:

cn-panda
Threat Overview

The vulnerability arises from the FAISS.deserialize_from_bytes function, which deserializes data using Python's pickle module. Pickle deserialization is inherently unsafe when handling untrusted data, as it can execute arbitrary code. An attacker can craft a malicious serialized object that, when deserialized, executes arbitrary commands on the host system. This can lead to severe consequences, including remote code execution.

Attack Scenario

An attacker crafts a malicious serialized object using Python's pickle module. This object is designed to execute a command, such as making a network request or running a shell command. The attacker then base64 encodes this serialized object and provides it to a victim who uses the FAISS.deserialize_from_bytes function to deserialize it. Upon deserialization, the malicious code is executed, allowing the attacker to run arbitrary commands on the victim's system.

Who is affected

Users of the langchain-ai/langchain library who utilize the FAISS.deserialize_from_bytes function to deserialize data are affected. This includes developers and applications that rely on this function to handle serialized data.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.