A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-03-26T14:03:46.647Z

Updated: 2024-08-15T15:56:19.154Z

Reserved: 2024-02-12T16:51:50.188Z

Link: CVE-2024-1455

cve-icon Vulnrichment

Updated: 2024-08-01T18:40:21.288Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-26T14:15:08.450

Modified: 2024-11-21T08:50:37.310

Link: CVE-2024-1455

cve-icon Redhat

No data.