Medium

langchain

Arbitrary File Read via ImagePromptTemplate

A vulnerability in langchain-core versions >=0.1.17,<0.1.53 || >=0.2.0,<0.2.43 || >=0.3.0,<0.3.15 allows unauthorized file reading from the host system. This issue was patched in version 0.3.15.

Available publicly on Feb 09 2025

CVSS: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Credit: baskaryan

Threat Overview

The vulnerability allows an attacker to create prompt templates with input variables that can read any user-specified path from the server file system. If the outputs of these templates are exposed to the user, either directly or through a model, the attacker can read the contents of local files. This can lead to exposure of sensitive information stored on the server.

Attack Scenario

An attacker could exploit this vulnerability by creating a prompt template with an image URL variable pointing to a sensitive file on the server. When the template is invoked, the contents of the file are read and encoded in the output. If this output is exposed to the attacker, they can access the sensitive information.

Who is affected

Users of langchain-core versions >=0.1.17,<0.1.53 || >=0.2.0,<0.2.43 || >=0.3.0,<0.3.15 who allow user-specified prompt templates or inputs to prompt templates with image URL variables.
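A defender-side sketch of the two checks this advisory implies, added here as an example and not code from langchain-core or from this advisory: it tests an installed version against the affected ranges listed above and filters user-supplied image references before they reach a prompt template. The function names, the allow-list policy (http(s) URLs and inline `data:image/` URIs only) and the sample values are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Affected ranges exactly as listed in the advisory, as [low, high) tuples.
AFFECTED = [((0, 1, 17), (0, 1, 53)),
            ((0, 2, 0), (0, 2, 43)),
            ((0, 3, 0), (0, 3, 15))]

def parse_version(text):
    """Parse the leading 'X.Y.Z' of a version string (suffixes are ignored,
    a simplification for this example)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version):
    """True if the langchain-core version falls in an affected range."""
    v = parse_version(version)
    return any(low <= v < high for low, high in AFFECTED)

def is_remote_image_ref(value):
    """Accept only absolute http(s) URLs with a host, or inline data:image/
    URIs. Bare paths, file:// and drive-letter paths are all rejected."""
    if not isinstance(value, str):
        return False
    value = value.strip()
    if value.lower().startswith("data:image/"):
        return True
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme.lower() in ("http", "https") and bool(parts.netloc)

def rejected_inputs(image_inputs):
    """Return the sorted names of image variables that must not reach the template."""
    return sorted(k for k, v in image_inputs.items() if not is_remote_image_ref(v))

if __name__ == "__main__":
    # Constructed sample input, not taken from a real request.
    sample = {"logo": "https://example.com/a.png",
              "avatar": "/srv/app/config.yaml",
              "banner": "file:///srv/app/config.yaml"}
    print(is_affected("0.3.14"), rejected_inputs(sample))
```

Input filtering of this kind is a stopgap for deployments that cannot upgrade immediately; moving to a patched release remains the fix the advisory names.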
