CVE-2024-7774

Source
https://cve.org/CVERecord?id=CVE-2024-7774
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7774.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-7774
Published
2024-10-29T12:49:21.165Z
Modified
2026-05-16T03:56:00.809040130Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Path Traversal in langchain-ai/langchainjs
Details

A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the setFileContent, getParsedFile, and mdelete methods, which do not properly sanitize user input.

Database specific
{
    "cwe_ids": [
        "CWE-29"
    ],
    "cna_assigner": "@huntr_ai",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/7xxx/CVE-2024-7774.json"
}