Primary

Context

LangChain4j-AIDeepin File Upload Conflict Vulnerability Due to MD5 Hashing

Vulnerability

A file upload conflict vulnerability has been identified in LangChain4j-AIDeepin versions prior to 3.5.0. The issue arises because the application uses MD5 to hash files, leading to potential conflicts during file uploads. This vulnerability has been addressed in version 3.5.0.

Impact

Users who upload files may experience conflicts, causing the wrong file to be uploaded or the intended file to be rejected.

Remediation

Users can upgrade to version 3.5.0 to address this vulnerability. If an upgrade is not possible, files can be re-uploaded after making slight adjustments to their content to change the MD5 hash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LangChain4j-AIDeepin File Upload Conflict Vulnerability Due to MD5 Hashing

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating