CVE-2024-7042

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-7042

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7042.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7042

Aliases

GHSA-6m59-8fmv-m5f9

Related

CGA-j4g6-7pj6-6xhm

Published

2024-10-29T13:15:08.883Z

Modified

2026-02-24T07:45:24.137154Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

References

Affected packages

Git / github.com/langchain-ai/langchainjs

Affected ranges

Type: GIT
Repo: https://github.com/langchain-ai/langchainjs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6

Affected versions

0.*

0.0.100

0.0.101

0.0.102

0.0.103

0.0.104

0.0.105

0.0.106

0.0.107

0.0.108

0.0.109

0.0.11

0.0.110

0.0.111

0.0.112

0.0.113

0.0.114

0.0.115

0.0.116

0.0.117

0.0.118

0.0.119

0.0.120

0.0.121

0.0.122

0.0.123

0.0.124

0.0.125

0.0.126

0.0.127

0.0.128

0.0.129

0.0.130

0.0.131

0.0.132

0.0.133

0.0.134

0.0.135

0.0.136

0.0.137

0.0.138

0.0.139

0.0.14

0.0.140

0.0.141

0.0.142

0.0.143

0.0.144

0.0.145

0.0.146

0.0.147

0.0.148

0.0.149

0.0.150

0.0.151

0.0.152

0.0.153

0.0.154

0.0.155

0.0.156

0.0.157

0.0.158

0.0.159

0.0.16

0.0.160

0.0.161

0.0.162

0.0.163

0.0.164

0.0.165

0.0.166

0.0.167

0.0.168

0.0.169

0.0.17

0.0.170

0.0.171

0.0.172

0.0.173

0.0.174

0.0.175

0.0.176

0.0.177

0.0.178

0.0.179

0.0.18

0.0.180

0.0.181

0.0.182

0.0.183

0.0.184

0.0.185

0.0.186

0.0.187

0.0.188

0.0.189

0.0.19

0.0.190

0.0.191

0.0.192

0.0.193

0.0.194

0.0.195

0.0.196

0.0.197

0.0.198

0.0.199

0.0.200

0.0.201

0.0.202

0.0.203

0.0.204

0.0.205

0.0.206

0.0.207

0.0.208

0.0.209

0.0.210

0.0.211

0.0.212

0.0.213

0.0.214

0.0.48

0.0.49-0

0.0.49-1

0.0.50

0.0.51

0.0.52

0.0.52-0

0.0.53

0.0.54

0.0.55

0.0.56

0.0.57

0.0.58

0.0.59

0.0.60

0.0.61

0.0.62

0.0.63

0.0.64

0.0.65

0.0.66

0.0.67

0.0.68

0.0.69

0.0.70

0.0.71

0.0.72

0.0.73

0.0.74

0.0.75

0.0.76

0.0.77

0.0.78

0.0.79

0.0.80

0.0.81

0.0.82

0.0.83

0.0.84

0.0.85

0.0.86

0.0.87

0.0.88

0.0.89

0.0.90

0.0.91

0.0.92

0.0.93

0.0.94

0.0.95

0.0.96

0.0.97

0.0.98

0.0.99

0.1.0

0.1.1

0.1.10

0.1.11

0.1.12

0.1.13

0.1.14

0.1.15

0.1.16

0.1.18

0.1.19

0.1.2

0.1.20

0.1.21

0.1.22

0.1.26

0.1.27

0.1.28

0.1.29

0.1.3

0.1.30

0.1.31

0.1.32

0.1.33

0.1.34

0.1.35

0.1.36

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.2.0@next

0.2.1

0.2.10

0.2.11

0.2.13

0.2.14

0.2.15

0.2.16

0.2.18

0.2.19

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

0.3.0

0.3.1

0.3.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7042.json"