Two vulnerabilities have been identified by Palo Alto Networks researchers (CVE-2023-46229 and CVE-2023-44467) that exist in LangChain, an open-source computing framework for generative artificial intelligence that is available on GitHub. The vulnerabilities that affect various products are CVE-2023-46229. It is known as the CVE-2023-46229 or Server Side Request Forgery (SSRF) bug and is an online security vulnerability that affects a wide range of products due to a vulnerability triggered in one of these products.
It should be noted that LangChain versions before 0.0.317 are particularly susceptible to this issue, with the recursive_url_loader.py module being used in the affected products. SSRF attacks can be carried out using this vulnerability, which will allow an external server to crawl and access an internal server, giving rise to SSRF attacks. It is quite clear that this possibility poses a significant risk to a company as it can open up the possibility of unauthorized access to sensitive information, compromise the integrity of internal systems, and lead to the possible disclosure of sensitive information.
As a precautionary measure, organizations are advised to apply the latest updates and patches provided by LangChain to address and strengthen their security posture to solve the SSRF vulnerability. CVE-2023-44467 (or langchain_experimental) refers to a hypervulnerability that affects LangChain versions 0.0.306 and older. It is also known as a cyberattack vulnerability. By using import in Python code, attackers can bypass the CVE-2023-36258 fix and execute arbitrary code even though it was tested with CVE-2023.
It should be noted that pal_chain/base.py does not prohibit exploiting this vulnerability.
In terms of exploitability, the score is 3.9 out of 10, with a base severity of CRITICAL, and a base score of 9.8 out of 10. The attack has no privilege requirements, and no user interaction is required, and it can be launched from the network. It is important to note that the impact has a high level of integrity and confidentiality as well as a high level of availability.
Organizers should start taking action as soon as possible to make sure their systems and data are protected from damage or unauthorized access by exploiting this vulnerability.
LangChain versions before 0.0.317 are vulnerable to these vulnerabilities. It is recommended that users and administrators of affected versions of the affected products update their products immediately to the latest version.
The first vulnerability, about which we have been alerted, is a critical prompt injection flaw in PALChain, a Python library that LangChain uses to generate code. The flaw has been tracked as CVE-2023-44467. Essentially, the researchers exploited this flaw by altering the functionality of two security functions within the from_math_prompt method, in which the user's query is translated into Python code capable of being run.
The researchers used the two security functions to alter LangChain's validation checks, and it also decreased its ability to detect dangerous functions by setting the two values to false; as a result, they were able to execute the malicious code as a user-specified action on LangChain.
In the time of OpenSSL, LangChain is an open-source library that is designed to make complex large language models (LLMs) easier to use.
LangChain provides a multitude of composable building blocks, including connectors to models, integrations with third-party services, and tool interfaces usable by large language models (LLMs). Users can build chains using these components to augment LLMs with capabilities such as retrieval-augmented generation (RAG). This technique supplies additional knowledge to large language models, incorporating data from sources such as private internal documents, the latest news, or blogs.
Application developers can leverage these components to integrate advanced LLM capabilities into their applications. Initially, during its training phase, the model relied solely on the data available at that time. However, by connecting the basic large language model to LangChain and integrating RAG, the model can now access the latest data, allowing it to provide answers based on the most current information available.
LangChain has garnered significant popularity within the community. As of May 2024, it boasts over 81,900 stars and more than 2,550 contributors to its core repository. The platform offers numerous pre-built chains within its repository, many of which are community-contributed. Developers can directly use these chains in their applications, thus minimizing the need to construct and test their own LLM prompts.
Researchers from Palo Alto Networks have identified vulnerabilities within LangChain and LangChain Experimental.
A comprehensive analysis of these vulnerabilities is provided. LangChain’s website claims that over one million developers utilize its frameworks for LLM application development. Partner packages for LangChain include major names in the cloud, AI, databases, and other technological development sectors.
Two specific vulnerabilities were identified that could have allowed attackers to execute arbitrary code and access sensitive data.
LangChain has issued patches to address these issues. The article offers a thorough technical examination of these security flaws and guides mitigating similar threats in the future. Palo Alto Networks encourages LangChain users to download the latest version of the product to ensure that these vulnerabilities are patched.
Palo Alto Networks' customers benefit from enhanced protection against attacks utilizing CVE-2023-46229 and CVE-2023-44467.
The Next-Generation Firewall with Cloud-Delivered Security Services, including Advanced Threat Prevention, can identify and block command injection traffic. Prisma Cloud aids in protecting cloud platforms from these attacks, while Cortex XDR and XSIAM protect against post-exploitation activities through a multi-layered protection approach. Precision AI-powered products help to identify and block AI-generated attacks, preventing the acceleration of polymorphic threats.
One vulnerability, tracked as CVE-2023-46229, affects a LangChain feature called SitemapLoader, which scrapes information from various URLs to compile it into a PDF. The vulnerability arises from SitemapLoader's capability to retrieve information from every URL it receives. A supporting utility called scrape_all gathers data from each URL without filtering or sanitizing it. This flaw could allow a malicious actor to include URLs pointing to intranet resources within the provided sitemap, potentially resulting in server-side request forgery and the unintentional leakage of sensitive data when the content from these URLs is fetched and returned.
Researchers indicated that threat actors could exploit this flaw to extract sensitive information from limited-access application programming interfaces (APIs) of an organization or other back-end environments that the LLM interacts with. To mitigate this vulnerability, LangChain introduced a new function called extract_scheme_and_domain and an allowlist to enable users to control domains.
Both Palo Alto Networks and LangChain urged immediate patching, particularly as companies hasten to deploy AI solutions. It remains unclear whether threat actors have exploited these flaws. LangChain did not immediately respond to requests for comment.
