Skip to content

chore(deps): update dependency langchain-openai to v1 [security]#246

Open
renovate-bot wants to merge 1 commit into
googleapis:mainfrom
renovate-bot:renovate/pypi-langchain-openai-vulnerability
Open

chore(deps): update dependency langchain-openai to v1 [security]#246
renovate-bot wants to merge 1 commit into
googleapis:mainfrom
renovate-bot:renovate/pypi-langchain-openai-vulnerability

Conversation

@renovate-bot

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
langchain-openai (changelog) >=0.1.0, <1.0.0>=1.1.14, <1.1.15 age confidence
langchain-openai (changelog) ==0.3.15==1.1.14 age confidence

langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

CVE-2026-41488 / GHSA-r7w7-9xr2-qq2r

More information

Details

Summary

langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.

The practical impact is limited because the fetched response body is passed directly to Pillow's Image.open() to extract dimensions — the response content is never returned, logged, or otherwise exposed to the caller. An attacker cannot exfiltrate data from internal services through this path. A potential risk is blind probing (inferring whether an internal host/port is open based on timing or error behavior).

Affected versions
  • langchain-openai < 1.1.14
Patched versions
  • langchain-openai >= 1.1.14 (requires langchain-core >= 1.2.31)
Affected code

File: libs/partners/openai/langchain_openai/chat_models/base.py_url_to_size()

The vulnerable pattern was a validate-then-fetch with separate DNS resolution:

validate_safe_url(image_source, allow_private=False, allow_http=True)

##### ... separate network operation with independent DNS resolution ...
response = httpx.get(image_source, timeout=timeout)
Fix

The fix replaces the validate-then-fetch pattern with an SSRF-safe httpx transport (SSRFSafeSyncTransport from langchain-core) that:

  • Resolves DNS once and validates all returned IPs against a policy (private ranges, cloud metadata, localhost, k8s internal DNS)
  • Pins the connection to the validated IP, eliminating the DNS rebinding window
  • Disables redirect following to prevent redirect-based SSRF bypasses

This fix was released in langchain-openai 1.1.14.

Severity

  • CVSS Score: 3.1 / 10 (Low)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

langchain-ai/langchain (langchain-openai)

v0.1.16

Compare Source

What's Changed

New Contributors

Full Changelog: langchain-ai/langchain@v0.1.15...v0.1.16

v0.1.15

Compare Source

What's Changed

New Contributors

Full Changelog: langchain-ai/langchain@v0.1.14...v0.1.15

v0.1.14

Compare Source

What's Changed

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot
renovate-bot requested review from a team as code owners July 17, 2026 14:04
@product-auto-label product-auto-label Bot added the api: spanner Issues related to the googleapis/langchain-google-spanner-python API. label Jul 17, 2026
@dpebot

dpebot commented Jul 17, 2026

Copy link
Copy Markdown

/gcbrun

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

api: spanner Issues related to the googleapis/langchain-google-spanner-python API.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants