LangChain LangGraph Checkpoint Redis Query Injection Vulnerability
Vulnerability
A query injection vulnerability has been identified in the @langchain/langgraph-checkpoint-redis package, specifically in the RedisSaver and ShallowRedisSaver classes. These classes construct RediSearch queries by inserting user-provided filter keys and values directly into the query string without adequate escaping. Because RediSearch query syntax gives special characters operator meaning, unescaped user data containing those characters can change the query logic. This could be exploited to bypass access controls, potentially leading to unauthorized data access.
Impact
Exploitation of this vulnerability allows attackers to inject RediSearch OR operators into queries, bypassing thread-based access controls and accessing sensitive conversation data from other users.
Reproduction
To reproduce this vulnerability, use the RedisSaver or ShallowRedisSaver classes with the list() method. Pass a filter value that includes unescaped RediSearch syntax, such as an OR operator or a wildcard, which can manipulate the query logic and bypass access controls.
Remediation
The vulnerability has been fixed in version 1.0.2 of the @langchain/langgraph-checkpoint-redis package. Users should update to this version.
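For code that builds RediSearch filter queries itself, the following added example (not code from the package or its fix) puts the unescaped interpolation the advisory describes beside a hardened builder that escapes values and allow-lists keys. It assumes TAG-field syntax of the form `@field:{value}`; the field name `thread_id` and every function name are hypothetical.

```javascript
// Added example, not code from @langchain/langgraph-checkpoint-redis.
// Assumptions: TAG-field syntax @field:{value}; thread_id and all helper names are hypothetical.

// Backslash-escape every ASCII character that is not a letter, digit or underscore.
function escapeTagValue(value) {
  return String(value).replace(/[^A-Za-z0-9_\u0080-\uffff]/g, "\\$&");
}

// Filter keys become field names, so they are allow-listed rather than escaped.
const FILTER_KEY = /^[A-Za-z_][A-Za-z0-9_]*$/;

// The pattern the advisory describes: keys and values interpolated as-is.
function buildQueryUnescaped(threadId, filter = {}) {
  const clauses = [`@thread_id:{${threadId}}`];
  for (const [key, value] of Object.entries(filter)) {
    clauses.push(`@${key}:{${value}}`);
  }
  return clauses.join(" ");
}

// Hardened form: validate keys and value types, escape every value.
function buildQuery(threadId, filter = {}) {
  const clauses = [`@thread_id:{${escapeTagValue(threadId)}}`];
  for (const [key, value] of Object.entries(filter)) {
    if (!FILTER_KEY.test(key)) {
      throw new TypeError(`rejected filter key ${JSON.stringify(key)}`);
    }
    if (!["string", "number", "boolean"].includes(typeof value)) {
      throw new TypeError(`rejected filter value type for ${key}`);
    }
    clauses.push(`@${key}:{${escapeTagValue(value)}}`);
  }
  return clauses.join(" ");
}

// Check helper: list OR (|) and wildcard (*) characters that are not backslash-escaped.
function unescapedOperators(query) {
  const found = [];
  for (let i = 0; i < query.length; i++) {
    if (query[i] === "\\") { i++; continue; } // skip the escaped character
    if (query[i] === "|" || query[i] === "*") found.push(query[i]);
  }
  return found;
}

// Constructed sample filter containing the characters the advisory names.
const sample = { source: "a|b*" };
console.log(buildQueryUnescaped("thread-1", sample));
console.log(buildQuery("thread-1", sample));
```

The same `unescapedOperators` check can serve as a unit-test assertion over any query string an application generates from user-supplied filters.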
