chore(deps): update dependency langchain-openai to v1 [security]#246
Open
renovate-bot wants to merge 1 commit into
Open
chore(deps): update dependency langchain-openai to v1 [security]#246renovate-bot wants to merge 1 commit into
renovate-bot wants to merge 1 commit into
Conversation
|
/gcbrun |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
>=0.1.0, <1.0.0→>=1.1.14, <1.1.15==0.3.15→==1.1.14langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
CVE-2026-41488 / GHSA-r7w7-9xr2-qq2r
More information
Details
Summary
langchain-openai's_url_to_size()helper (used byget_num_tokens_from_messagesfor image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.The practical impact is limited because the fetched response body is passed directly to Pillow's
Image.open()to extract dimensions — the response content is never returned, logged, or otherwise exposed to the caller. An attacker cannot exfiltrate data from internal services through this path. A potential risk is blind probing (inferring whether an internal host/port is open based on timing or error behavior).Affected versions
langchain-openai< 1.1.14Patched versions
langchain-openai>= 1.1.14 (requireslangchain-core>= 1.2.31)Affected code
File:
libs/partners/openai/langchain_openai/chat_models/base.py—_url_to_size()The vulnerable pattern was a validate-then-fetch with separate DNS resolution:
Fix
The fix replaces the validate-then-fetch pattern with an SSRF-safe httpx transport (
SSRFSafeSyncTransportfromlangchain-core) that:This fix was released in langchain-openai 1.1.14.
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
langchain-ai/langchain (langchain-openai)
v0.1.16Compare Source
What's Changed
_load_sql_databse_chainby @B-Step62 in #19908New Contributors
Full Changelog: langchain-ai/langchain@v0.1.15...v0.1.16
v0.1.15Compare Source
What's Changed
afrom_texts&afrom_embeddingsby @crispyricepc in #20009LocalFileStoreto allow directory/file permissions to be specified by @chrispy-snps in #18857graphsupdate by @leo-gan in #19675integrations/providersupdate 10 by @leo-gan in #19970integrations/providers/unstructuredupdate by @leo-gan in #19892integrations/providersupdate 9 by @leo-gan in #19941cross_encodersflatten namespaces by @leo-gan in #20183ElasticsearchStore.BM25RetrievalStrategyby @g-votte in #20098New Contributors
Full Changelog: langchain-ai/langchain@v0.1.14...v0.1.15
v0.1.14Compare Source
What's Changed
by @efriis in #19452
api_docs_cleanfix by @leo-gan in #19405partitionparameter to DashVector by @wangcailin in #19385pipeandpickmethods (docs only) by @liugddx in #19395DuckDBas a vectorstore by @Hugoberry in #18916HuggingFacePipelineby @nikhilkmr300 in #19306Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.