{"data":{"id":"17393471-2274-41bb-96eb-b20869d0cd81","title":"CVE-2024-2057: A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the f","summary":"A vulnerability classified as critical in its advisory text, but scored CVSS 6.3 (medium) in this record, was found in LangChain's langchain_community library version 0.0.26 in the TFIDFRetriever component (a tool that retrieves relevant documents for AI systems). The flaw allows server-side request forgery (SSRF, where an attacker tricks a server into making unwanted network requests on their behalf), and it can be exploited remotely.","solution":"Upgrading langchain_community to version 0.0.27 addresses this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-2057","publishedAt":"2024-03-01T17:15:48.670Z","cveId":"CVE-2024-2057","cweIds":["CWE-918"],"cvssScore":"6.3","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangChain","langchain_community"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00046,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}