4.7 - CVE-2024-2965

Executive Summary

Informations
Name	CVE-2024-2965	First vendor Publication	2024-06-06
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score	4.7
Base Score	4.7	Environmental Score	4.7
impact SubScore	3.6	Temporal Score	4.7
Exploitabality Sub Score	1

Attack Vector	Local	Attack Complexity	High
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	None
Integrity Impact	None	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2965

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-674	Uncontrolled Recursion

CPE : Common Platform Enumeration

Type	Description	Count
Application	Langchain cpe:2.3:a:langchain:langchain:0.0.64:::::::* cpe:2.3:a:langchain:langchain:0.0.351:::::::* cpe:2.3:a:langchain:langchain:0.0.26::::community::: cpe:2.3:a:langchain:langchain:0.0.245:::::::* cpe:2.3:a:langchain:langchain:0.0.231:::::::* cpe:2.3:a:langchain:langchain:0.0.199:::::::* cpe:2.3:a:langchain:langchain:0.0.194:::::::* cpe:2.3:a:langchain:langchain:0.0.171:::::::* cpe:2.3:a:langchain:langchain:::::::: cpe:2.3:a:langchain:langchain:::::community:::*	10

Sources (Detail)

https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb...
https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2025-07-30 02:31:53	Multiple Updates
2025-07-17 02:24:57	Multiple Updates
2025-05-29 13:20:09	Multiple Updates
2025-03-05 03:06:05	Multiple Updates
2024-11-25 09:25:10	Multiple Updates
2024-11-03 21:27:56	Multiple Updates
2024-10-16 00:27:44	Multiple Updates
2024-06-25 17:27:30	Multiple Updates
2024-06-07 21:27:24	Multiple Updates
2024-06-07 00:27:26	First insertion

4.7 - CVE-2024-2965

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU