VDB
CVE-2024-7042
CVE-2024-7042
PUBLISHED
CVSS 4.900000095367432 MEDIUM
@langchain/community SQL Injection vulnerability
EPSS 0.06% · 19.5th percentile
Risk Scores
CVSS v3.0
4.900000095367432
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.06%
19.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| langchain-ai | langchainjs | 0 |
| langchain | community | 0 |
| langchain | langchain | 0 |
| langchain-ai | langchain-ai/langchainjs | unspecified |
Timeline
- Oct 29, 2024 CVE Published
- Oct 29, 2024 Coalition ESS Score
- Oct 29, 2024 Coalition ESS Score
- Oct 30, 2024 EPSS Score
- Oct 31, 2024 Coalition ESS Score
- Nov 1, 2024 CVE Updated
- Nov 7, 2024 Coalition ESS Score
- Nov 17, 2024 EPSS Score
- Dec 6, 2024 EPSS Score
- Dec 24, 2024 EPSS Score
- Jan 11, 2025 EPSS Score
- Jan 30, 2025 EPSS Score
References
- https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d url
- https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-7042 advisory
- https://github.com/langchain-ai/langchainjs package
- https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-114.yaml url