GHSA-qmgv-j263-qr33
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qmgv-j263-qr33
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-qmgv-j263-qr33/GHSA-qmgv-j263-qr33.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qmgv-j263-qr33
- Aliases
- Published
- 2025-06-29T09:30:22Z
- Modified
- 2025-09-16T20:27:29.330748Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- Langchain-Chatchat has a Path Traversal vulnerability
- Details
-
A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtemp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
- Database specific
{ "cwe_ids": [ "CWE-22" ], "github_reviewed_at": "2025-09-16T19:32:50Z", "nvd_published_at": "2025-06-29T08:15:21Z", "severity": "LOW", "github_reviewed": true }- References
Affected packages
PyPI / langchain-chatchat
Package
- Name
- langchain-chatchat
- View open source insights on deps.dev
- Purl
- pkg:pypi/langchain-chatchat
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.3.1.3
Affected versions
0.*
0.3.0
0.3.0.20240506
0.3.0.20240606
0.3.0.20240610
0.3.0.20240610.1
0.3.0.20240611
0.3.0.20240612
0.3.0.20240612.1
0.3.0.20240612.2
0.3.0.20240612.3
0.3.0.20240612.4
0.3.0.20240616
0.3.0.20240618
0.3.0.20240619
0.3.0.20240621
0.3.0.20240621.3
0.3.0.20240625
0.3.0.20240625.1
0.3.1
0.3.1.1
0.3.1.2
0.3.1.3