LangGraph SQLite Checkpoint SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation, specifically in versions prior to 3.0.1. This vulnerability allows attackers to manipulate SQL queries by exploiting untrusted metadata filter keys in checkpoint search operations. The issue arises because the '_metadata_predicate()' function directly interpolates filter keys into SQL queries without proper validation, leaving applications open to SQL injection attacks.
Impact
Exploitation of this vulnerability allows for arbitrary SQL code execution against the application's database.
Reproduction
To reproduce this vulnerability, use LangGraph SQLite Checkpoint version 3.0.0 or below. Create a checkpoint that accepts untrusted metadata filter keys. When searching the checkpoint, include a malicious filter key designed to exploit the SQL injection vulnerability, such as one that manipulates the SQL query logic or injects SQL commands.
Remediation
Update to LangGraph SQLite Checkpoint version 3.0.1 or later, and audit your application for any instances where filter keys are derived from untrusted sources.
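As an added illustration (not LangGraph's own code) of the interpolation defect described above and of the audit the remediation asks for, the following places the vulnerable predicate pattern beside a hardened one that validates filter keys and binds the JSON path as a parameter; the `checkpoints` table, its `metadata` column and the sample rows are assumptions constructed for this example.

```python
import json
import re
import sqlite3

# Constructed sample rows; the table layout is an assumption for this example,
# not the real LangGraph checkpoint schema.
_SAMPLE_ROWS = [
    ("c1", json.dumps({"source": "input", "step": 1})),
    ("c2", json.dumps({"source": "loop", "step": 2})),
    ("c3", json.dumps({"source": "input", "step": 3})),
]

# Only identifier-like keys are accepted; anything else is rejected before it
# can reach the query text.
_KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def metadata_predicate_unsafe(filters):
    """Vulnerable pattern: the filter key is spliced into the SQL text."""
    clauses, params = [], []
    for key, value in filters.items():
        clauses.append(f"json_extract(metadata, '$.{key}') = ?")
        params.append(value)
    return " AND ".join(clauses), params


def metadata_predicate_safe(filters):
    """Hardened pattern: keys are validated and the JSON path is bound, not interpolated."""
    clauses, params = [], []
    for key, value in filters.items():
        if not _KEY_RE.match(key):
            raise ValueError(f"invalid metadata filter key: {key!r}")
        clauses.append("json_extract(metadata, ?) = ?")
        params.extend([f"$.{key}", value])
    return " AND ".join(clauses), params


def search(filters, predicate=metadata_predicate_safe):
    """Run a metadata filter against an in-memory table and return matching ids."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkpoints (id TEXT, metadata TEXT)")
    conn.executemany("INSERT INTO checkpoints VALUES (?, ?)", _SAMPLE_ROWS)
    where, params = predicate(filters)
    sql = "SELECT id FROM checkpoints"
    if where:
        sql += " WHERE " + where
    return [row[0] for row in conn.execute(sql, params)]
```

Note that the hardened version never needs to trust the key text: even a key that passes the allowlist only ever reaches SQLite as a bound value.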
