github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2025-09-28 15:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
604dfe2d99246b0c09f047c604f0c63eafba31e7
langchain/libs/community/langchain_community/retrievers
History
Eugene Yurtsev 604dfe2d99 community[patch]: Force opt-in for WebResearchRetriever (CVE-2024-3095) (#24451) 
This PR addresses the issue raised by (CVE-2024-3095)

https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273

Unfortunately, we didn't do a good job writing the initial report. It's
pointing at both the wrong package and the wrong code.

The affected code is the Web Retriever not the AsyncHTMLLoader, and the
WebRetriever lives in langchain-community

The vulnerable code lives here: 

0bd3f4e129/libs/community/langchain_community/retrievers/web_research.py (L233-L233)


This PR adds a forced opt-in for users to make sure they are aware of
the risk and can mitigate by configuring a proxy:


0bd3f4e129/libs/community/langchain_community/retrievers/web_research.py (L84-L84)
2024-07-19 18:51:35 +00:00
..
__init__.py
community[minor]: Add Zep Cloud components + docs + examples (#21671)
2024-05-27 12:50:13 -07:00
arcee.py
core[minor],community[minor]: Upgrade all @root_validator() to @pre_init (#23841)
2024-07-08 16:09:29 -04:00
arxiv.py
asknews.py
community[minor]: add AskNews retriever and AskNews tool (#21581)
2024-05-20 18:23:06 -07:00
azure_ai_search.py
community[patch]:Support filter for AzureAISearchRetriever (#22303)
2024-06-05 16:53:19 -07:00
bedrock.py
Add source metadata to bedrock retriever response (#21349)
2024-05-09 11:06:22 -04:00
bm25.py
breebs.py
community[patch]: Add missing type annotations (#22758)
2024-06-10 16:59:28 -04:00
chaindesk.py
chatgpt_plugin_retriever.py
cohere_rag_retriever.py
databerry.py
docarray.py
dria_index.py
community[patch]: upgrade to recent version of mypy (#21616)
2024-05-13 14:55:07 -04:00
elastic_search_bm25.py
embedchain.py
google_cloud_documentai_warehouse.py
core[minor],community[minor]: Upgrade all @root_validator() to @pre_init (#23841)
2024-07-08 16:09:29 -04:00
google_vertex_ai_search.py
infra: rm unused # noqa violations (#22049)
2024-05-22 15:21:08 -07:00
kay.py
kendra.py
infra: update mypy 1.10, ruff 0.5 (#23721)
2024-07-03 10:33:27 -07:00
knn.py
infra: update mypy 1.10, ruff 0.5 (#23721)
2024-07-03 10:33:27 -07:00
llama_index.py
metal.py
milvus.py
infra: update mypy 1.10, ruff 0.5 (#23721)
2024-07-03 10:33:27 -07:00
outline.py
pinecone_hybrid_search.py
core[minor],community[minor]: Upgrade all @root_validator() to @pre_init (#23841)
2024-07-08 16:09:29 -04:00
pubmed.py
pupmed.py
qdrant_sparse_vector_retriever.py
core[minor],community[minor]: Upgrade all @root_validator() to @pre_init (#23841)
2024-07-08 16:09:29 -04:00
rememberizer.py
remote_retriever.py
svm.py
infra: update mypy 1.10, ruff 0.5 (#23721)
2024-07-03 10:33:27 -07:00
tavily_search_api.py
community[patch]: Update TavilySearch to use TavilyClient instead of the deprecated Client (#24270)
2024-07-16 13:35:28 +00:00
tfidf.py
ci: Add script to check for pickle usage in community (#22863)
2024-06-13 16:13:15 -04:00
thirdai_neuraldb.py
core[minor],community[minor]: Upgrade all @root_validator() to @pre_init (#23841)
2024-07-08 16:09:29 -04:00
vespa_retriever.py
weaviate_hybrid_search.py
web_research.py
community[patch]: Force opt-in for WebResearchRetriever (CVE-2024-3095) (#24451)
2024-07-19 18:51:35 +00:00
wikipedia.py
you.py
zep_cloud.py
community[minor]: Add Zep Cloud components + docs + examples (#21671)
2024-05-27 12:50:13 -07:00
zep.py
zilliz.py