THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-2965

Denial-of-Service in langchain-community SitemapLoader

Assigner@huntr_ai
Reserved2024-03-26
Published2024-06-06
Updated2024-06-25

Description

A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-community` package, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.



MEDIUM: 4.2CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-400 Uncontrolled Resource Consumption

Product status

Default status
unaffected

Any version
affected

References

https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae

cve.org CVE-2024-2965

nvd.nist.gov CVE-2024-2965

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-2965
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +