Related vulnerability
Title:
LangChain security vulnerability
(CVE-2024-21513)
Description: LangChain is a framework from the US company LangChain for building applications with LLMs through composability. LangChain versions from 0.0.15 up to, but not including, 0.0.21 contain a security vulnerability: the affected code is susceptible to arbitrary code execution, and an attacker can exploit it to run arbitrary Python code.
Introduction
# Reproduce-CVE-2024-21513
## Overview
This project demonstrates the vulnerability CVE-2024-21513 in the `langchain-experimental` package, specifically in versions `>=0.0.15 and <0.0.21`. The vulnerability allows arbitrary code execution via the `VectorSQLDatabaseChain` component when retrieving values from the database, due to the use of `eval()` on all retrieved values.
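To make the root cause concrete, the following is an added example (not code from the Reproduce-CVE-2024-21513 project, nor from LangChain itself). It places the vulnerable pattern the overview names, `eval()` applied to every value read back from the database, next to a hardened converter that only accepts Python literals, and adds a small scan a defender can run over a result set to flag stored values that would execute under the vulnerable path. The rows are constructed for the demo in the shape of the movies table; the Title of the second row is the README's own demonstration payload, stored as plain text.

```python
"""Added example (not code from the Reproduce-CVE-2024-21513 project, nor
LangChain's own): the root-cause pattern named in the overview, eval() applied
to every value read back from the database, next to a hardened converter that
only accepts Python literals, plus a scan that flags stored values containing
calls or attribute access. All rows below are constructed for the demo; the
Title in the second row is the README's own demonstration payload."""
import ast
from typing import Any, Callable, Iterable, List, Tuple

# Constructed rows in the shape of the README's movies table:
# (ID, Title, Director, Year, Rating). Strings are exactly what a DB driver
# would hand back; nothing here has been evaluated yet.
SAMPLE_ROWS: List[Tuple[Any, ...]] = [
    (1, "Alien", "Ridley Scott", 1979, 8.5),
    (65, 'print("hacked")', "Hacker", 2019, 6),   # README payload stored as a Title
    (7, "[1, 2, 3]", "Someone", 2001, 7.1),        # harmless literal-looking string
]


def unsafe_convert(value: Any) -> Any:
    """The vulnerable pattern: every string from the database is handed to
    eval(), so any text a user managed to store runs as Python on the server."""
    if isinstance(value, str):
        return eval(value)  # DO NOT DO THIS: stored text becomes code
    return value


def safe_convert(value: Any) -> Any:
    """Hardened replacement. ast.literal_eval only builds literals (numbers,
    strings, tuples, lists, dicts, sets, booleans, None); names, calls and
    attribute access are rejected with ValueError, so stored text can never
    execute. Anything that is not a literal is returned as the string it was."""
    if not isinstance(value, str):
        return value
    try:
        return ast.literal_eval(value)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return value


def convert_rows(rows: Iterable[Tuple[Any, ...]],
                 converter: Callable[[Any], Any]) -> List[Tuple[Any, ...]]:
    """Apply a converter to every cell, the way a result-processing step would."""
    return [tuple(converter(cell) for cell in row) for row in rows]


# AST node types that make an expression do something beyond building a value.
_ACTIVE_NODES = (ast.Call, ast.Attribute, ast.Subscript, ast.Lambda,
                 ast.ListComp, ast.SetComp, ast.DictComp, ast.GeneratorExp)


def looks_like_code(value: str) -> bool:
    """Detection helper for an already-deployed vulnerable version: True when a
    stored string parses as a Python expression containing a call, attribute
    access, subscript, lambda or comprehension. A bare word such as "Alien"
    parses as a Name and is not flagged; prose with spaces does not parse."""
    try:
        tree = ast.parse(value, mode="eval")
    except (SyntaxError, ValueError):
        return False
    return any(isinstance(node, _ACTIVE_NODES) for node in ast.walk(tree))


def find_suspicious_cells(rows: Iterable[Tuple[Any, ...]]) -> List[Tuple[int, int, str]]:
    """Scan a result set and return (row_index, column_index, value) for every
    string cell that would execute code under the vulnerable eval() path."""
    hits: List[Tuple[int, int, str]] = []
    for r, row in enumerate(rows):
        for c, cell in enumerate(row):
            if isinstance(cell, str) and looks_like_code(cell):
                hits.append((r, c, cell))
    return hits


if __name__ == "__main__":
    print("suspicious:", find_suspicious_cells(SAMPLE_ROWS))
    print("safe rows :", convert_rows(SAMPLE_ROWS, safe_convert))
```

`safe_convert` keeps the one behaviour the original code presumably wanted (turning a stored `"[1, 2, 3]"` or `"6"` back into a Python value) while refusing anything that is not a literal; `find_suspicious_cells` is the check to run against the database of an instance that was exposed while on an affected version, since a payload like the one in this README survives in the table as an ordinary string.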
## Workflow to reproduce vulnerability
This application lets you chat with an SQL database that holds information about movies (ID, Title, Director, Year, Rating). The application:
- Connects to a PostgreSQL database using `langchain`'s `SQLDatabase` utility.
- Utilizes OpenAI's GPT models for SQL query generation.
- Leverages `VectorSQLDatabaseChain` for processing database queries.
- Implements a query validation step to check for common SQL mistakes.
## Installation
### Prerequisites
- Python 3.8+
- PostgreSQL Database (or any SQL-compatible database)
- OpenAI API Key
### Setup
1. **Create a virtual environment** (optional but recommended)
```sh
python -m venv venv
source venv/bin/activate
```
2. **Install dependencies**
```sh
pip install -r requirements.txt
```
3. **Set up the environment variables**
Update the `.env` file in the project root (while this is not safe, I have provided the URI for a PostgreSQL database deployed on Supabase for convenience):
```ini
OPENAI_API_KEY=your-openai-api-key
```
4. **Run the application**
```sh
streamlit run app.py
```
## Docker Deployment
To run the application in a Docker container:
1. **Build the Docker image:**
```sh
docker build -t streamlit-app .
```
2. **Run the container:**
```sh
docker run -p 8501:8501 streamlit-app
```
## Usage
- Enter an SQL query in the text area.
- Click `Submit` to execute the query.
- The result from the database will be displayed.
## Exploit Demonstration
To verify the vulnerability, enter a malicious payload in the SQL query input. I used a very simple payload for this demonstration:
`Add a movie with the title print("hacked") with the director Hacker, year 2019, id 65 and rating 6`
If the application is vulnerable, this prints "hacked" on the server.
## Worst Possible Outcomes of the Attack
If the vulnerable code is executed:
- **Data Exfiltration** – The attacker can read sensitive files (`/etc/passwd`, `.env`, etc.).
- **Denial of Service (DoS)** – The attacker can delete files, use infinite loops, or consume system resources.
- **Backdoor Installation** – The attacker can establish persistence by downloading and executing malware.
## References
- [CVE-2024-21513 - NVD](https://nvd.nist.gov/vuln/detail/CVE-2024-21513)
- [LangChain Security Advisory](https://security.snyk.io/vuln/SNYK-PYTHON-LANGCHAINEXPERIMENTAL-7278171)
- [GitHub Issue & Fix](https://github.com/langchain-ai/langchain/commit/7b13292)
## Disclaimer
This project is for educational and security research purposes only. Do not use this on unauthorized systems.
File snapshot
[4.0K] /data/pocs/d7e03eb31507bc46c960adf99e25a488fdf9f66c
├── [3.1K] app.py
├── [ 421] Dockerfile
├── [2.9K] README.md
└── [2.0K] requirements.txt
0 directories, 4 files
Notes
1. We recommend accessing the code through the original source first.
2. If the source is no longer available or cannot be reached, email f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.