CVE-2025-21604

UNKNOWN

Published January 6, 2025

LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in...

Full analysis pending. Showing NVD description excerpt.

Severity & Risk

CVSS 3.1

N/A

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0.

Weaknesses (CWE)

CWE-328

References

github.com/moyangzhan/langchain4j-aideepin/commit/3cf625c5044a151a8cbcbdf98e10b4b46b8a975a
github.com/moyangzhan/langchain4j-aideepin/security/advisories/GHSA-cv5r-73vf-8x7v

Timeline

Published

January 6, 2025

Last Modified

January 6, 2025

First Seen

January 6, 2025

Back to Threat Feed