Description
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection.
Recommendation
Update the @langchain/community package to the latest compatible version. Version details:
- Affected version(s): < 0.3.3
- Patched version(s): 0.3.3
Tags: npm, @langchain/community
Last updated on November 01, 2024