chatchat-space Langchain-Chatchat files path traversal

June 29, 2025 invoker category_cve

CVE Details

Basic Information

Title chatchat-space Langchain-Chatchat files path traversal
Type cve
Published 2025-06-29T08:31:04.802Z
Last Seen

Product Information

Vendor chatchat-space
Product Langchain-Chatchat
Version 0.3.0

CVSS Information

Base Score 5.3 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A path traversal vulnerability in Langchain-Chatchat allows remote attackers to access unauthorized files by manipulating file paths.
AI Severity Medium
Vendor chatchat-space
Product Langchain-Chatchat
Affected Version 0.3.0, 0.3.1

Affected Products

  • chatchat-space Langchain-Chatchat 0.3.0
  • chatchat-space Langchain-Chatchat 0.3.1

Additional Information

CVE List
CWE List CWE-22
Bulletin Family

Description

A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.