TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Exploit-DB

[webapps] LangChain Core 1.2.4 - SSTI/RCE

2026-04-29

ATT&CK techniques detected

2 predictions
T1059.007 JavaScript
74%
"} # serialize ( dumps does not escape ' lc ' key ) serialized = dumps ( payload ) # deserialize - instantiates the malicious prompttemplate deserialized = load ( serialized, secrets _ from _ env = true ) # extract and invoke the malicious prompt → triggers ssti → rce malicious = …"
T1059.006 Python
32%
"[ webapps ] langchain core 1. 2. 4 - ssti / rce # exploit title : langchain core - ssti / rce # date : 2025 - 12 - 29 # exploit author : mohammed idrees banyamer # author country : jordan # contact : @ banyamer _ security ( instagram ) # github : https : / / github. com / mbanyam…"

Summary

LangChain Core 1.2.4 - SSTI/RCE