CVE-2024-5998

A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt