CVE-2024-3095

7.7 HIGH

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in langchain's Web Research Retriever allows attackers to make the server send requests to internal network addresses and cloud metadata services. It affects anyone using langchain-ai/langchain version 0.1.5 with the Web Research Retriever component enabled. Attackers can scan internal networks, access sensitive services, and potentially execute arbitrary code.

💻 Affected Systems

Products:
  • langchain-ai/langchain
Versions: 0.1.5
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the Web Research Retriever component. The vulnerability is present in default configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution through interaction with vulnerable internal services, credential theft from cloud metadata, and complete compromise of affected systems.

🟠 Likely Case

Internal network reconnaissance, access to sensitive internal APIs, cloud metadata theft, and potential data exfiltration.

🟢 If Mitigated

Limited to port scanning and basic reconnaissance if network segmentation and proper firewalls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires access to the Web Research Retriever endpoint but no authentication. SSRF attacks are well-documented and easy to automate.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.6 or later

Vendor Advisory: https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273

Restart Required: Yes

Instructions:

1. Update langchain to version 0.1.6 or later using pip: pip install --upgrade langchain==0.1.6
2. Restart all services using langchain
3. Verify the update was successful

🔧 Temporary Workarounds

Network Segmentation

Platform: linux

Restrict outbound network access from the affected server to only the external resources it needs. Note that the rules below drop all outbound HTTP and HTTPS, including the retriever's own legitimate fetches, so scope them to the destinations you actually require.

iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP

Input Validation

Platform: all

Implement URL validation to block requests to internal IP ranges and localhost
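As an added example (not langchain's own code), a URL allow-list check that implements the workaround above: it rejects non-http(s) schemes, and IP literals or hostnames that resolve to loopback, private, link-local (which includes the 169.254.169.254 metadata address) or otherwise non-public ranges, unwrapping IPv4-mapped IPv6 so the IPv4 rules still apply. The `resolve` hook and all function names are assumptions, not an API of the project.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _default_resolve(host):
    """Every address the name resolves to (A and AAAA records)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_address(addr):
    """True only for a globally routable unicast address."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so the IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_url(url, resolve=_default_resolve):
    """Return (ok, reason); ok is False for anything that must not be fetched.

    `resolve` is an assumed hook (hostname -> set of IP strings) so callers
    can inject a resolver; the default uses the system resolver.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        # An IP literal is checked directly; anything else (including odd
        # forms such as a decimal "2130706433") goes through the resolver.
        addrs = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            return False, "resolution failed: %s" % exc
    # One non-public record is enough to block: a name may return several.
    for addr in sorted(addrs):
        if not is_public_address(addr):
            return False, "%s resolves to non-public address %s" % (host, addr)
    return True, "ok"
```

Run the check on the URL of every fetch, including each redirect hop, and connect to the address that was checked rather than re-resolving the name, since a DNS answer that changes between check and fetch would otherwise bypass it.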

🧯 If You Can't Patch

  • Disable the Web Research Retriever component entirely if not required
  • Implement a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check if langchain version is 0.1.5 and Web Research Retriever is enabled

Check Version:

python -c "import langchain; print(langchain.__version__)"

Verify Fix Applied:

Verify langchain version is 0.1.6 or later and test that internal network requests are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the server
  • Requests to internal IP addresses (10.x.x.x, 172.16.x.x, 192.168.x.x)
  • Requests to cloud metadata endpoints (169.254.169.254)

Network Indicators:

  • Outbound HTTP traffic to unusual ports
  • Traffic to internal network ranges from internet-facing servers

SIEM Query:

source="web_server_logs" AND (dst_ip=10.0.0.0/8 OR dst_ip=172.16.0.0/12 OR dst_ip=192.168.0.0/16 OR dst_ip=169.254.169.254)
