Safety vulnerability ID: 73298
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A critical security vulnerability affects the FAISS class in the langchain-ai/langchain library. The deserialize_from_bytes method deserializes data using Python's pickle module without proper security checks, potentially allowing attackers to execute arbitrary code, including system commands via os.system. Users must update to the latest version, which introduces an allow_dangerous_deserialization parameter. Users must explicitly set this parameter to True to allow deserialization, acknowledging the risk. Never deserialize data from untrusted sources.
Latest version: 0.3.11
Community contributed LangChain integrations.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application