The vulnerability stems from the ability to load Jinja2-formatted prompt templates from untrusted files. Before the patch, the `_load_prompt` function in `loading.py` did not validate the `template_format` field, which allowed execution of arbitrary code because Jinja2 rendering is not sandboxed. The patch adds security warnings in `base.py` and `prompt.py` and explicitly blocks the `jinja2` `template_format` in `_load_prompt` in `loading.py`, which confirms that these functions were the attack surface. The test cases demonstrate exploitation via subclass chains in templates, which matches the CWE-94 code injection pattern.
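The kind of `template_format` check described above can also be applied to prompt files before they reach any loader. The following is an added example, not langchain's code or the patch itself: the function names, the allow-list, and the sample configs are assumptions constructed for illustration, and it generalizes the check to `template_format` keys at any nesting depth.

```python
import json

# Assumption: only the non-executing "f-string" format is accepted from
# untrusted files; a config with no template_format key is accepted as well.
ALLOWED_FORMATS = {"f-string"}

class UnsafePromptConfig(ValueError):
    """Raised when a prompt config requests a disallowed template format."""

def find_template_formats(node, path="$"):
    """Yield (path, value) for every 'template_format' key at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "template_format":
                yield child, value
            else:
                yield from find_template_formats(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_template_formats(item, f"{path}[{i}]")

def check_prompt_config(raw_text):
    """Parse a JSON prompt config and reject it before it reaches a loader."""
    config = json.loads(raw_text)
    bad = [(p, v) for p, v in find_template_formats(config)
           if not isinstance(v, str) or v not in ALLOWED_FORMATS]
    if bad:
        details = ", ".join(f"{p}={v!r}" for p, v in bad)
        raise UnsafePromptConfig(f"disallowed template_format: {details}")
    return config

# Constructed sample configs (benign templates, for illustration only).
SAFE = ('{"_type": "prompt", "input_variables": ["name"], '
        '"template": "Hello {name}", "template_format": "f-string"}')
NESTED = ('{"_type": "few_shot", "example_prompt": {"_type": "prompt", '
          '"template": "{{ q }}", "template_format": "jinja2"}}')

if __name__ == "__main__":
    for label, raw in (("SAFE", SAFE), ("NESTED", NESTED)):
        try:
            check_prompt_config(raw)
            print(label, "accepted")
        except UnsafePromptConfig as exc:
            print(label, "rejected:", exc)
```
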
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| langchain | pip | < 0.0.312 | 0.0.312 |