{"data":{"id":"e9a06f0a-1cb5-4ebd-890b-df8d4860146d","title":"GHSA-8g29-8xwr-qmhr: @grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling","summary":"A vulnerability in the @grackle-ai/server package fails to handle errors when parsing JSON configuration data in three locations within its gRPC service (a remote procedure call system for inter-process communication). If the underlying SQLite database becomes corrupted or enters an unexpected state, the code could crash without gracefully reporting an error, and the unvalidated parsed data could theoretically be exploited if the database is compromised.","solution":"Wrap the JSON.parse() calls in try-catch blocks to handle errors gracefully. The source provides this exact fix: 'let config: Record<string, unknown>; try { config = JSON.parse(env.adapterConfig) as Record<string, unknown>; } catch { throw new ConnectError(\"Invalid adapter configuration\", Code.Internal); }' Apply this pattern to all three affected locations in packages/server/src/grpc-service.ts (lines 415, 482, and 498).","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-8g29-8xwr-qmhr","publishedAt":"2026-03-25T17:33:01.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["@grackle-ai/server@<= 0.70.5 (fixed: 0.70.6)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Grackle AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-03-25T17:33:01.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}