1Mar
CVE-2024-2057 | Harrison Chase LangChain 0.1.9 tfidf.py load_local server-side request forgery
A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the functionload_local
in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery.
This vulnerability is traded as CVE-2024-2057. It is possible to launch the attack remotely. Furthermore, there is an exploit available.