CVE-2024-7774 [CRITICAL] :

A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.

Analyst 1 Blog

blog
malware
threat

Stay up-to-date with industry insights and trends by reading Analyst1's informative blog. Explore our extensive range of topics and stay informed.

Visit Website

Listed: Fri Aug 23 2024