Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-f71e-h861-6qh6
Summary LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition.
Aliases
0
alias CVE-2024-58340
1
alias PYSEC-2026-75
Fixed_packages
0
url pkg:pypi/langchain-exa@1.0.0a1
purl pkg:pypi/langchain-exa@1.0.0a1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-exa@1.0.0a1
Affected_packages
0
url pkg:pypi/langchain-exa@0.0.1
purl pkg:pypi/langchain-exa@0.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f71e-h861-6qh6
1
vulnerability VCID-u29a-rxyq-aubh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-exa@0.0.1
1
url pkg:pypi/langchain-exa@0.1.0
purl pkg:pypi/langchain-exa@0.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f71e-h861-6qh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-exa@0.1.0
2
url pkg:pypi/langchain-exa@0.2.0
purl pkg:pypi/langchain-exa@0.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f71e-h861-6qh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-exa@0.2.0
3
url pkg:pypi/langchain-exa@0.2.1
purl pkg:pypi/langchain-exa@0.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f71e-h861-6qh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-exa@0.2.1
4
url pkg:pypi/langchain-exa@0.3.0
purl pkg:pypi/langchain-exa@0.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f71e-h861-6qh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-exa@0.3.0
5
url pkg:pypi/langchain-exa@0.3.1
purl pkg:pypi/langchain-exa@0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f71e-h861-6qh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-exa@0.3.1
References
0
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/langchain-ai/langchain
1
reference_url https://huntr.com/bounties/e7ece02c-d4bb-4166-8e08-6baf4f8845bb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://huntr.com/bounties/e7ece02c-d4bb-4166-8e08-6baf4f8845bb
2
reference_url https://www.langchain.com/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.langchain.com/
3
reference_url https://www.vulncheck.com/advisories/langchain-mrkloutputparser-redos
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://www.vulncheck.com/advisories/langchain-mrkloutputparser-redos
Weaknesses
Exploits
Severity_range_score 7.5 - 7.5
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f71e-h861-6qh6