A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
An attacker can inject malicious instructions through the prompt injection mechanism, which are then passed without proper sanitization to queries executed by the GraphCypherQAChain class. Lack of proper input validation (CWE-89, CWE-74) allows embedding arbitrary commands in the context of graph database queries. As a result, an attacker can perform operations to create, modify, and delete nodes and relationships in the database without required authorization.
An attacker can conduct unauthorized exfiltration of sensitive data, delete all data causing a DoS attack, breach data isolation in multi-tenant environments, and compromise database integrity by creating, updating, or deleting nodes and relationships.
Apply patches available from the vendor according to references — fix available in the GitHub repository under commit c2a3021bb0c5f54649d380b42a0684ca5778c255
langchain-ai/langchain version 0.2.5, GraphCypherQAChain component
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLangchain
APPLangchain0.2.5
Related vulnerabilities
SSRF w LangChain RequestsToolkit — dostęp do sieci wewnętrznej i metadanych chmury
SQL injection przez prompt injection w LangChain GraphCypherQAChain
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluat...
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_pro...
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.