cbcvebase.
CVE-2024-8309
published 2024-10-29

Priority: P267
CVSS 3.1: 9.8 critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 13.80% (96.0th percentile)
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

Affected (4 ranges)

Vendor       | Product                 | Version range                                        | Fixed in
langchain-ai | langchain-ai_langchain  | >= unspecified < 0.3.0                               | 0.3.0
langchain    | langchain               | (no range given)                                     | (none given)
langchain    | langchain               | >= 0 < 0.2.0                                         | 0.2.0
langchain    | langchain               | >= 0 < c2a3021bb0c5f54649d380b42a0684ca5778c255      | c2a3021bb0c5f54649d380b42a0684ca5778c255

Detection & IOCs (extracted from sources)

  • Vulnerable class is GraphCypherQAChain in langchain-ai/langchain version 0.2.5; monitor for prompt injection payloads targeting this class that result in Cypher query manipulation (SQL/Cypher injection via prompt injection)
  • Exploitation requires an exposed endpoint that accepts user inputs routed through GraphCypherQAChain; audit and monitor such endpoints for anomalous Cypher queries (e.g., CREATE, UPDATE, DELETE node/relationship operations not expected from normal usage)
  • Attack surface includes multi-tenant environments; monitor for cross-tenant data access patterns or unexpected bulk data deletion (DoS via delete-all) originating from LangChain GraphCypherQAChain query execution
  • The GraphCypherQAChain class has explicit documentation requiring appropriate RBAC controls; absence of RBAC on the Neo4j/graph database backend is a prerequisite for successful exploitation — verify RBAC is enforced at the database layer
  • Policy-based LangChain frameworks lack cryptographic binding, meaning a compromised LLM can generate syntactically valid but semantically malicious Cypher calls that bypass policy checks — runtime verification outside the LLM is required
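The bullets above ask for two things a defender can actually wire up: a runtime check on the generated Cypher that lives outside the LLM, and monitoring of query logs for the write operations (CREATE, SET, DELETE, delete-all) that a question-answering chain should never emit. The following is an added example written for this entry; it is not code from the page, from LangChain or from the vulnerability reports. It assumes a deployment where the Cypher string produced by the chain can be intercepted before it reaches the graph driver, and the log entries and tenant names are constructed here for illustration. The guard deliberately strips string literals, backtick identifiers and comments first, so that a user question containing the word "delete" is not mistaken for a DELETE clause.

```python
import re

# Keywords that mutate data or schema, or (CALL) can run arbitrary procedures.
# Treated conservatively: any of these outside a literal or comment is rejected.
WRITE_CLAUSES = frozenset({
    "CREATE", "MERGE", "DELETE", "DETACH", "SET", "REMOVE",
    "DROP", "LOAD", "FOREACH", "CALL",
})

# Matches the parts of a Cypher text that must NOT be scanned for keywords:
# quoted strings, backtick-quoted identifiers, line comments, block comments.
_LITERALS = re.compile(
    r"'(?:\\.|[^'\\])*'"      # single-quoted string (with escapes)
    r"|\"(?:\\.|[^\"\\])*\""  # double-quoted string (with escapes)
    r"|`[^`]*`"               # backtick-quoted identifier
    r"|//[^\n]*"              # line comment
    r"|/\*.*?\*/",            # block comment
    re.DOTALL,
)


def write_clauses(cypher: str) -> set:
    """Return the write-capable keywords that appear in the query proper
    (literals, quoted identifiers and comments are blanked out first)."""
    stripped = _LITERALS.sub(" ", cypher)
    words = {w.upper() for w in re.findall(r"[A-Za-z_]+", stripped)}
    return words & WRITE_CLAUSES


def is_read_only(cypher: str) -> bool:
    return not write_clauses(cypher)


class CypherPolicyError(Exception):
    """Raised when LLM-generated Cypher would mutate the graph."""


def enforce_read_only(cypher: str) -> str:
    """Gate to place between the chain's generated Cypher and the driver.
    Returns the query unchanged when it is read-only, raises otherwise."""
    found = write_clauses(cypher)
    if found:
        raise CypherPolicyError(f"rejected write clause(s): {sorted(found)}")
    return cypher


# Constructed sample of (tenant, generated Cypher) pairs, as a query log
# from a multi-tenant GraphCypherQAChain deployment might contain.
SAMPLE_LOG = [
    ("tenant-a", "MATCH (p:Person)-[:ACTED_IN]->(m:Movie) RETURN p.name, m.title LIMIT 5"),
    ("tenant-a", "MATCH (n {note: 'please DELETE me'}) RETURN n"),   # word in a literal only
    ("tenant-b", "MATCH (n) DETACH DELETE n"),                       # delete-all (DoS)
    ("tenant-b", "CREATE (:Admin {name: 'mallory'})"),               # unauthorized create
    ("tenant-c", "MATCH (m:Movie) SET m.rating = 0 RETURN count(m)"),  # unauthorized update
    ("tenant-c", "MATCH (n) /* CREATE */ RETURN count(n)"),          # word in a comment only
]


def audit(entries):
    """Return (tenant, query, clauses) for every logged query that is not
    read-only; this is the detection view over historical logs."""
    return [
        (tenant, query, sorted(write_clauses(query)))
        for tenant, query in entries
        if not is_read_only(query)
    ]


if __name__ == "__main__":
    for tenant, query, clauses in audit(SAMPLE_LOG):
        print(f"[{tenant}] {clauses}: {query}")
```

The keyword check is intentionally coarse: a property or variable literally named `set` would be flagged too, which is the safe direction for a chain that should only ever read. It is defense in depth, not a substitute for the database-layer RBAC the entry calls a prerequisite: running the chain's connection as a read-only role (or in read-only transactions) stops a mutating query even if a guard like this one is bypassed or misconfigured.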

CVSS provenance

nvd (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd (v3.0): 4.9 MEDIUM, CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
vendor_redhat: 9.8 CRITICAL