CVE-2024-7774 [CRITICAL] :

A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.

Unsupervised Learning

ai
news

Unsupervised Learning is a Security, AI, and Meaning-focused company/newsletter/podcast that looks at how best to thrive in a post-AI world. It combines original ideas and analysis to bring not just the news—but why it matters, and how to respond.

Visit Website

Listed: Sun Nov 12 2023