AI Threat Alert
A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| langchain-chatchat | pip | — | No patch |
| langchain-chatchat | pip | <= 0.3.1 | No patch |
Severity & Risk
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References
- github.com/chatchat-space/Langchain-Chatchat/issues/5353 Exploit Issue Vendor
- vuldb.com Permissions Required VDB
- vuldb.com 3rd Party VDB
- vuldb.com 3rd Party VDB
- github.com/advisories/GHSA-8v8h-4pjx-rg73
- github.com/chatchat-space/Langchain-Chatchat/issues/5353
- nvd.nist.gov/vuln/detail/CVE-2025-6854
- vuldb.com
- vuldb.com
- vuldb.com