CVE-2024-7042
📋 TL;DR
A prompt injection vulnerability in langchain-ai/langchainjs GraphCypherQAChain class allows attackers to inject SQL commands through manipulated prompts, leading to unauthorized database operations. This affects all applications using langchain-ai/langchainjs versions 0.2.5 and any versions containing the vulnerable GraphCypherQAChain class.
💻 Affected Systems
- langchain-ai/langchainjs
📦 What is this software?
Langchain by Langchain
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data deletion, exfiltration of all sensitive information, and unauthorized access across multi-tenant environments.
Likely Case
Unauthorized data access and manipulation, potential data exfiltration, and disruption of database operations.
If Mitigated
Limited impact with proper input validation and database access controls, though prompt injection vectors may still exist.
🎯 Exploit Status
Exploitation requires access to the prompt interface but no authentication. Public proof-of-concept exists in the bounty report.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit 615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6
Vendor Advisory: https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6
Restart Required: No
Instructions:
1. Update langchain-ai/langchainjs to version containing commit 615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6. 2. Verify GraphCypherQAChain class implements proper input sanitization. 3. Test prompt injection vectors are blocked.
🔧 Temporary Workarounds
Disable GraphCypherQAChain
allTemporarily disable or remove GraphCypherQAChain functionality until patched.
Remove or comment out GraphCypherQAChain imports and usage
Implement Input Validation
allAdd strict input validation and sanitization for all prompt inputs.
Implement regex filtering for SQL keywords in user prompts
Use parameterized queries for all database operations
🧯 If You Can't Patch
- Implement strict network segmentation to isolate database servers from application servers
- Enable database audit logging and monitor for unusual query patterns
🔍 How to Verify
Check if Vulnerable:
Check if your application uses langchain-ai/langchainjs GraphCypherQAChain class and is on version 0.2.5 or earlier.Check Version:
npm list langchain or check package.json for langchain-ai/langchainjs versionVerify Fix Applied:
Test prompt injection attempts with SQL commands to verify they are properly sanitized or blocked.📡 Detection & Monitoring
Log Indicators:
- Unusual database queries from application layer
- SQL error messages in application logs
- Unexpected CREATE/UPDATE/DELETE operations
Network Indicators:
- Unusual database connection patterns
- Large data transfers from database servers
SIEM Query:
source="application_logs" AND ("SQL syntax" OR "unexpected query" OR "GraphCypherQAChain")