Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...
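Security: SQL Injection in cache.getEntire() The getEntire() method in server/database/cache.ts concatenates the keys array directly into the SQL string when building the SQL query, without using a parameterized query, so it is vulnerable to SQL injection. Problem location: server/database/cache.ts, around lines 35-45, getEntire ( ...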
Same attack input: 1' UNION SELECT user, password FROM users-- Result: Input fails the ctype_digit() check → request rejected immediately. Even if validation were skipped, the prepared statement would ...