CVE-2024-1455
Published Mar 26, 2024
Last updated 7 months ago
Overview
- Description: A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS).
- Source: security@huntr.dev
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.0
- Type: Secondary
- Base score: 5.9
- Impact score: 3.6
- Exploitability score: 2.2
- Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: MEDIUM
Weaknesses
- security@huntr.dev: CWE-776