CVE-2024-10940
Arbitrary File Read vulnerability in langchain-core (PyPI)
What is CVE-2024-10940 About?
This Arbitrary File Read vulnerability in `langchain-core` versions between 0.1.17 and 0.1.53, and other specified ranges, allows unauthorized users to read arbitrary files. It is caused by the ability to create `ImagePromptTemplate`s with input variables that can access host file paths. Exploitation is relatively easy if an attacker can control prompt input variables and view model outputs.
Affected Software
- langchain-core
  - >=0.2.0, <0.2.43
  - >=0.1.17, <0.1.53
  - >=0.3.0, <0.3.15
Technical Details
The vulnerability exists in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15. The core issue is that langchain_core.prompts.ImagePromptTemplate (and consequently langchain_core.prompts.ChatPromptTemplate) allows the creation of prompt templates where input variables can be defined to represent arbitrary file paths on the host file system. When these templates are processed, the system attempts to read content from the specified paths. If an attacker can control the values passed into these input variables within a prompt, they can inject paths pointing to sensitive files on the server (e.g., /etc/passwd, private keys). If the outputs of these manipulated prompt templates are subsequently exposed to the attacker, either directly or indirectly through downstream model outputs, the attacker can then retrieve the contents of these arbitrary files, leading to sensitive information disclosure.
What is the Impact of CVE-2024-10940?
Successful exploitation may allow attackers to read arbitrary files from the host file system, leading to information exposure and potential compromise of system confidentiality.
What is the Exploitability of CVE-2024-10940?
Exploitation of this Arbitrary File Read vulnerability is of medium complexity. The attacker needs to be able to supply input to langchain_core.prompts.ImagePromptTemplate or ChatPromptTemplate in a way that allows them to control the values of input variables. This typically implies remote access to an application that exposes a LangChain interface. No explicit authentication or privileged access is needed beyond the ability to interact with the application's LangChain functionality. The key prerequisite is that the attacker's input to the prompt template is not sufficiently sanitized or validated, allowing file paths to be specified. Additionally, the results of the prompt processing (which would contain the file content if successful) must be returned or exposed to the attacker. Risk factors include applications that use langchain-core in affected versions and allow untrusted users to define or heavily influence prompt template inputs, particularly those involving file-related operations.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-10940?
Available Upgrade Options
- langchain-core
  - >=0.1.17, <0.1.53 → Upgrade to 0.1.53
  - >=0.2.0, <0.2.43 → Upgrade to 0.2.43
  - >=0.3.0, <0.3.15 → Upgrade to 0.3.15
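To check pinned dependencies against the ranges above, the following added example (not code from langchain or from this advisory's authors) scans pip-freeze style lines and reports the fixed release for each affected pin. It assumes exact numeric `==` pins only; the function names and the sample lines are constructed for illustration.

```python
import re

# Affected ranges [low, high) and fixed releases, taken from the advisory text.
AFFECTED = [
    ((0, 1, 17), (0, 1, 53)),
    ((0, 2, 0), (0, 2, 43)),
    ((0, 3, 0), (0, 3, 15)),
]

# Matches exact numeric pins such as "langchain-core==0.2.9" (assumption:
# pre-release or range specifiers are out of scope and are skipped).
PIN = re.compile(r"^\s*langchain[-_.]core\s*==\s*(\d+(?:\.\d+)*)\s*(?:[;#].*)?$", re.I)


def parse_version(text):
    """Turn '0.2.9' into (0, 2, 9), padded to at least three components."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def fixed_release_for(version_text):
    """Return the fixed version string if the version is affected, else None."""
    v = parse_version(version_text)
    for low, high in AFFECTED:
        if low <= v < high:
            return ".".join(map(str, high))
    return None


def audit(lines):
    """Scan requirement lines; return [(pinned_version, upgrade_to)]."""
    findings = []
    for line in lines:
        m = PIN.match(line)
        if m and (fix := fixed_release_for(m.group(1))):
            findings.append((m.group(1), fix))
    return findings


# Constructed sample input (pip-freeze style), not taken from the advisory.
SAMPLE = [
    "langchain-core==0.1.52",
    "langchain_core==0.2.43",
    "langchain-core==0.3.14",
    "langchain-core==0.1.16",
    "requests==2.32.3",
]

if __name__ == "__main__":
    for pinned, fix in audit(SAMPLE):
        print(f"langchain-core {pinned} is affected; upgrade to {fix}")
```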
Additional Resources
- https://huntr.com/bounties/be1ee1cb-2147-4ff4-a57b-b6045271cf27
- https://github.com/langchain-ai/langchain/commit/c1e742347f9701aadba8920e4d1f79a636e50b68
- https://github.com/langchain-ai/langchain
- https://osv.dev/vulnerability/GHSA-5chr-fjjv-38qv
- https://github.com/langchain-ai/langchain/commit/7d481f10102f43559cc57bcad7eba291067939ee
- https://nvd.nist.gov/vuln/detail/CVE-2024-10940
- https://github.com/langchain-ai/langchain/commit/e711034713259ae448981bc0fd1d7a5671499c31
What are Similar Vulnerabilities to CVE-2024-10940?
Similar Vulnerabilities: CVE-2021-4191, CVE-2022-24765, CVE-2022-26134, CVE-2023-28185, CVE-2023-38827
