CVE-2024-3095

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*

History

17 Oct 2024, 19:44

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.8~~	v2 : unknown v3 : 7.7
CPE		cpe:2.3:a:langchain:langchain::::::::
References	~~() https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273 -~~	() https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273 - Exploit, Third Party Advisory
First Time		Langchain langchain Langchain

07 Jun 2024, 14:56

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en el componente Web Research Retriever de langchain-ai/langchain versión 0.1.5. La vulnerabilidad surge porque Web Research Retriever no restringe las solicitudes a direcciones de Internet remotas, lo que le permite llegar a direcciones locales. Esta falla permite a los atacantes ejecutar escaneos de puertos, acceder a servicios locales y, en algunos escenarios, leer metadatos de instancias de entornos de nube. La vulnerabilidad es particularmente preocupante ya que puede explotarse para abusar del servidor Web Explorer como proxy para ataques web a terceros e interactuar con servidores en la red local, incluida la lectura de sus datos de respuesta. Esto podría conducir potencialmente a la ejecución de código arbitrario, dependiendo de la naturaleza de los servicios locales. La vulnerabilidad se limita a las solicitudes GET, ya que las solicitudes POST no son posibles, pero el impacto en la confidencialidad, la integridad y la disponibilidad es significativo debido al potencial de robo de credenciales e interacciones de cambio de estado con las API internas.

06 Jun 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-06 19:15

Updated : 2024-10-17 19:44

NVD link : CVE-2024-3095

Mitre link : CVE-2024-3095

CVE.ORG link : CVE-2024-3095

JSON object : View

Products Affected

langchain

langchain

CWE

CWE-918

Server-Side Request Forgery (SSRF)

7.7 /10