CVE-2024-1455
XML External Entity (XXE) vulnerability in langchain-core (PyPI)

XML External Entity (XXE) · No known exploit

What is CVE-2024-1455 About?

The `XMLOutputParser` in LangChain uses Python's standard `etree` module, which is susceptible to XML vulnerabilities when processing untrusted input. A malicious actor can manipulate an LLM to generate a malicious payload for the parser, leading to compromise of service availability. This vulnerability is moderately complex to exploit, requiring specific conditions.

Affected Software

langchain-core <0.1.35

Technical Details

The vulnerability resides in LangChain's `XMLOutputParser`, which parses model output with the `etree` XML parser from Python's standard library. That parser has known weaknesses when given untrusted input, such as XML External Entity (XXE) processing and denial of service through very large XML documents or "billion laughs" entity expansion. In the attack flow, a malicious party manipulates a Large Language Model (LLM) or agent into producing an XML payload designed to trigger these weaknesses, for example an XXE payload embedded in the model's output. When this crafted XML is fed into `XMLOutputParser`, the `etree` module processes it, potentially leading to unauthorized file access, server-side request forgery, or resource exhaustion, and thereby compromising the availability of the web service exposing this component.

What is the Impact of CVE-2024-1455?

Successful exploitation may allow attackers to compromise the availability of the service by causing resource exhaustion or potentially facilitate information disclosure through XML External Entity (XXE) attacks. This can lead to denial of service, data exfiltration, or internal network reconnaissance.

What is the Exploitability of CVE-2024-1455?

Exploitation of this vulnerability is of moderate complexity, as it relies on several conditions. The target system must be using the XMLOutputParser in LangChain. The attacker needs to be able to either directly provide malicious input to the XMLOutputParser or, more subtly, manipulate an LLM to generate such a malicious XML payload. Finally, the component must be exposed via a web service for remote exploitation. No specific authentication or privilege is required for the attacker to attempt to manipulate the LLM's output. This is a remote attack. The primary risk factors include the LLM's susceptibility to prompt injection or manipulation and the XMLOutputParser's failure to adequately sanitize or disable dangerous features within its underlying XML parser when handling LLM-generated output.

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2024-1455?

Available Upgrade Options

  • langchain-core
    • <0.1.35 → Upgrade to 0.1.35
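A defensive illustration of the issue described under Technical Details, added here and not taken from LangChain's code or its fix: a standard-library wrapper that refuses DTDs (and with them entity declarations) and bounds size and nesting before a tree is built from model output. The names `parse_llm_xml` and `UnsafeXML`, the two limits and the sample strings are assumptions made for this example.

```python
"""Constructed example: refuse DTDs in LLM-produced XML before building a tree."""
import xml.etree.ElementTree as ET
from xml.parsers import expat

MAX_BYTES = 64 * 1024   # assumed size budget for one model response
MAX_DEPTH = 32          # assumed nesting limit


class UnsafeXML(ValueError):
    """Raised when model output uses an XML feature we refuse to process."""


def parse_llm_xml(text: str) -> ET.Element:
    data = text.encode("utf-8")
    if len(data) > MAX_BYTES:
        raise UnsafeXML("output exceeds size budget")

    builder = ET.TreeBuilder()
    depth = 0

    def on_doctype(*_args):
        # No DTD means no internal entity expansion and no external entities.
        raise UnsafeXML("DOCTYPE declarations are not accepted")

    def on_start(tag, attrs):
        nonlocal depth
        depth += 1
        if depth > MAX_DEPTH:
            raise UnsafeXML("nesting too deep")
        builder.start(tag, attrs)

    def on_end(tag):
        nonlocal depth
        depth -= 1
        builder.end(tag)

    parser = expat.ParserCreate("utf-8")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = builder.data
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise ValueError(f"malformed XML from model: {exc}") from exc
    return builder.close()


BENIGN = "<movies><film year='1994'>Forrest Gump</film></movies>"   # constructed
WITH_DTD = '<!DOCTYPE r [<!ENTITY a "x">]><r>&a;</r>'               # constructed
```

Rejecting the DOCTYPE outright is stricter than selectively blocking entities, which is acceptable here because structured LLM output has no legitimate need for a DTD.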

What are Similar Vulnerabilities to CVE-2024-1455?

Similar Vulnerabilities: CVE-2023-47248, CVE-2024-11394, CVE-2023-7018, CVE-2023-6975, CVE-2022-24921