Vulnerabilities

 5 via 6 paths

Dependencies

 197

Source

 GitHub

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
  • 4
Status
  • 5
  • 0
  • 0

high severity
new

Deserialization of Untrusted Data

  • Vulnerable module: langsmith
  • Introduced through: langchain@0.3.37

Detailed paths

  • Introduced through: mysql-gui@kshashikumar/mysql-gui langchain@0.3.37 langsmith@0.3.87
    Remediation: Upgrade to langchain@1.0.1.

Overview

langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data when fetching and processing prompt manifests from external sources. An attacker can execute arbitrary code or manipulate application behavior by publishing a crafted prompt manifest that is deserialized without proper validation. This may lead to disclosure of sensitive information, redirection of outbound requests, or execution of attacker-supplied configuration.

Note:

This is only exploitable if the application pulls prompts by owner/name from untrusted or compromised accounts and uses the pulled prompt without independently validating its contents.

Details

Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.

Deserialization of untrusted data (CWE-502) is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, thus allowing the attacker to control the state or the flow of the execution.

Remediation

Upgrade langsmith to version 0.6.0 or higher.

References

Deserialization of Untrusted Data vulnerability report

medium severity

Server-side Request Forgery (SSRF)

  • Vulnerable module: langsmith
  • Introduced through: langchain@0.3.37

Detailed paths

  • Introduced through: mysql-gui@kshashikumar/mysql-gui langchain@0.3.37 langsmith@0.3.87
    Remediation: Upgrade to langchain@1.0.1.

Overview

langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the improper validation of api_url and api_key fields in baggage headers in RunTree.from_headers() and RunTree.fromHeaders() functions. An attacker can cause the exfiltration of sensitive trace data to attacker-controlled endpoints by injecting arbitrary api_url values through the baggage header, which are then used by the SDK to send run data to malicious URLs.

Note:

This issue affects applications, utilising TracingMiddleware and calling RunTree.from_headers() or RunTree.fromHeaders() with untrusted HTTP headers.

Workaround

For users that are unable to upgrade to the fixed version it is recommended:

  • To strip or validate the baggage header before passing to RunTree.from_headers() or RunTree.fromHeaders();
  • To not use TracingMiddleware with untrusted traffic.

Remediation

Upgrade langsmith to version 0.4.6 or higher.

References

Server-side Request Forgery (SSRF) vulnerability report

medium severity

Insertion of Sensitive Information into Log File

  • Vulnerable module: langsmith
  • Introduced through: langchain@0.3.37

Detailed paths

  • Introduced through: mysql-gui@kshashikumar/mysql-gui langchain@0.3.37 langsmith@0.3.87
    Remediation: Upgrade to langchain@1.0.1.

Overview

langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform.

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File through the Client handling of events. An attacker can bypass redaction controls and exfiltrate LLM output by supplying streaming events with kwargs content that gets uploaded as part of a run. This leaks token-by-token model output into traced events, exposing prompt or response data to anyone with access to the stored run records.

Remediation

Upgrade langsmith to version 0.5.19 or higher.

References

Insertion of Sensitive Information into Log File vulnerability report

medium severity

Prototype Pollution

  • Vulnerable module: langsmith
  • Introduced through: langchain@0.3.37

Detailed paths

  • Introduced through: mysql-gui@kshashikumar/mysql-gui langchain@0.3.37 langsmith@0.3.87
    Remediation: Upgrade to langchain@1.0.1.

Overview

langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform.

Affected versions of this package are vulnerable to Prototype Pollution via constructor.prototype in the baseAssignValue() function. An attacker can modify the Object.prototype by supplying specially crafted keys in processed data, potentially impacting all objects within the Node.js process.

Details

Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as __proto__, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.

There are two main ways in which the pollution of prototypes occurs:

  • Unsafe Object recursive merge

  • Property definition by path

Unsafe Object recursive merge

The logic of a vulnerable recursive merge function follows the following high-level model:

merge (target, source)

  foreach property of source

    if property exists and is an object on both the target and the source

      merge(target[property], source[property])

    else

      target[property] = source[property]

When the source object contains a property named __proto__ defined with Object.defineProperty() , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of Object and the source of Object as defined by the attacker. Properties are then copied on the Object prototype.

Clone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: merge({},source).

lodash and Hoek are examples of libraries susceptible to recursive merge attacks.

Property definition by path

There are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: theFunction(object, path, value)

If the attacker can control the value of “path”, they can set this value to __proto__.myValue. myValue is then assigned to the prototype of the class of the object.

Types of attacks

There are a few methods by which Prototype Pollution can be manipulated:

Type Origin Short description
Denial of service (DoS) Client This is the most likely attack.
DoS occurs when Object holds generic functions that are implicitly called for various operations (for example, toString and valueOf).
The attacker pollutes Object.prototype.someattr and alters its state to an unexpected value such as Int or Object. In this case, the code fails and is likely to cause a denial of service.
For example: if an attacker pollutes Object.prototype.toString by defining it as an integer, if the codebase at any point was reliant on someobject.toString() it would fail.
Remote Code Execution Client Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
For example: eval(someobject.someattr). In this case, if the attacker pollutes Object.prototype.someattr they are likely to be able to leverage this in order to execute code.
Property Injection Client The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
For example: if a codebase checks privileges for someuser.isAdmin, then when the attacker pollutes Object.prototype.isAdmin and sets it to equal true, they can then achieve admin privileges.

Affected environments

The following environments are susceptible to a Prototype Pollution attack:

  • Application server

  • Web server

  • Web browser

How to prevent

  1. Freeze the prototype— use Object.freeze (Object.prototype).

  2. Require schema validation of JSON input.

  3. Avoid using unsafe recursive merge functions.

  4. Consider using objects without prototypes (for example, Object.create(null)), breaking the prototype chain and preventing pollution.

  5. As a best practice use Map instead of Object.

For more information on this vulnerability type:

Arteau, Olivier. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018

Remediation

Upgrade langsmith to version 0.5.18 or higher.

References

Prototype Pollution vulnerability report

medium severity
new

Improper Validation of Specified Index, Position, or Offset in Input

  • Vulnerable module: uuid
  • Introduced through: langchain@0.3.37

Detailed paths

  • Introduced through: mysql-gui@kshashikumar/mysql-gui langchain@0.3.37 uuid@10.0.0
    Remediation: Upgrade to langchain@1.2.28.
  • Introduced through: mysql-gui@kshashikumar/mysql-gui langchain@0.3.37 langsmith@0.3.87 uuid@10.0.0
    Remediation: Upgrade to langchain@1.0.1.

Overview

uuid is a RFC4122 (v1, v4, and v5) compliant UUID library.

Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input due to accepting external output buffers but not rejecting out-of-range writes (small buf or large offset). This inconsistency allows silent partial writes into caller-provided buffers.

PoC

cd /home/StrawHat/uuid
npm ci
npm run build

node --input-type=module -e "
import {v4,v5,v6} from './dist-node/index.js';
const ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';
for (const [name,fn] of [
  ['v4',()=>v4({},new Uint8Array(8),4)],
  ['v5',()=>v5('x',ns,new Uint8Array(8),4)],
  ['v6',()=>v6({},new Uint8Array(8),4)],
]) {
  try { fn(); console.log(name,'NO_THROW'); }
  catch(e){ console.log(name,'THREW',e.name); }
}"

Remediation

Upgrade uuid to version 11.1.1, 14.0.0 or higher.

References

Improper Validation of Specified Index, Position, or Offset in Input vulnerability report