LangChain Serialization Injection Vulnerability in Dumps and Dumpd Functions

A serialization injection vulnerability has been identified in LangChain, a framework for building applications powered by large language models. This vulnerability exists in versions prior to 0.3.81 and 1.2.5, within the dumps() and dumpd() functions. The issue arises because these functions do not properly escape dictionaries containing 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to identify serialized objects. As a result, user-controlled data with this key structure can be misinterpreted as a legitimate LangChain object during deserialization, leading to potential injection attacks by causing the deserializer to instantiate arbitrary classes. This vulnerability has been addressed in versions 0.3.81 and 1.2.5.

Impact

Exploitation of this vulnerability allows for serialization injection, where malicious data can be injected and potentially executed during the deserialization process.

Reproduction

To reproduce this vulnerability, create a dictionary that includes an 'lc' key. Serialize this dictionary using the dumps() or dumpd() functions. When the data is deserialized, the injected dictionary will be treated as a LangChain object, demonstrating how the vulnerability can be exploited.

Remediation

Users can upgrade to LangChain versions 0.3.81 or 1.2.5, where this vulnerability has been patched.