5.9

CVSS Score

Basic Information

CVE ID

CVE-2024-1455

GHSA ID

GHSA-q84m-rmw3-4382

EPSS Score

CWE

CWE-776

Published

3/26/2024

Updated

3/27/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-1455

CVE-2024-1455:
LangChain's XMLOutputParser vulnerable to XML Entity Expansion

The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html

This primarily affects users that combine an LLM (or agent) with the XMLOutputParser and expose the component via an endpoint on a web-service.

This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service.

A successful attack is predicated on:

Usage of XMLOutputParser
Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the users behalf
Exposing the component via a web-service

(GitHub Advisory)

5.9

CVSS Score

Basic Information

CVE ID

CVE-2024-1455

GHSA ID

GHSA-q84m-rmw3-4382

EPSS Score

CWE

CWE-776

Published

3/26/2024

Updated

3/27/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
langchain-core	pip	< 0.1.35	0.1.35

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from using Python's standard XML parser which is vulnerable to XML Entity Expansion (CWE-776). The patch replaces xml.etree.ElementTree with defusedxml in three key areas: 1) The main parse() method 2) The synchronous _transform() streaming parser 3) The async _atransform() streaming parser. All three functions directly handled XML parsing without proper entity expansion restrictions prior to the patch, making them entry points for denial-of-service attacks via malicious XML payloads.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** XMLOutputP*rs*r in L*n****in us*s t** *tr** mo*ul* *rom t** XML p*rs*r in t** st*n**r* pyt*on li*r*ry w*i** **s som* XML vuln*r**iliti*s; s**: *ttps://*o*s.pyt*on.or*/*/li*r*ry/xml.*tml T*is prim*rily *****ts us*rs t**t *om*in* *n LLM (or ***nt)

Reasoning

T** vuln*r**ility st*ms *rom usin* Pyt*on's st*n**r* XML p*rs*r w*i** is vuln*r**l* to XML *ntity *xp*nsion (*W*-***). T** p*t** r*pl***s xml.*tr**.*l*m*ntTr** wit* ***us**xml in t*r** k*y *r**s: *) T** m*in p*rs*() m*t*o* *) T** syn**ronous _tr*ns*o

5.9

Basic Information

Concerned about an active attack path?

CVE-2024-1455: LangChain's XMLOutputParser vulnerable to XML Entity Expansion

5.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-1455:
LangChain's XMLOutputParser vulnerable to XML Entity Expansion

Vulnerability Intelligence
Miggo AI