A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
An attacker without any permissions and without user interaction can inject malicious data into the prompt handled by the GraphCypherQAChain class, resulting in execution of unintended database queries (SQL injection). Lack of proper input validation and sanitization allows manipulation of queries directed to the graph database. As a result, it is possible to create, modify, and delete nodes and relationships without authorization.
An attacker can perform unauthorized data manipulation, exfiltrate sensitive information, destroy all data in the database (DoS), gain access to data of other tenants in multi-tenant environments, and compromise the integrity of the entire database.
Patches available from the vendor should be applied according to references — available fix commit: https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6. It is recommended to update the library to a version containing the fix as soon as possible.
langchain-ai/langchainjs version 0.2.5 and all versions containing the GraphCypherQAChain class
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLangchain
APPLangchain< 0.3.1
Related vulnerabilities
SSRF w LangChain RequestsToolkit — dostęp do sieci wewnętrznej i metadanych chmury
SQL injection przez prompt injection w LangChain GraphCypherQAChain
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluat...
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_pro...
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.