Langsmith Sdk
Monthly
Path traversal in LangSmith Client SDK's TracingMiddleware (versions prior to 0.8.18) enables a trust-boundary crossing where any party with LangSmith workspace trace-read access can exfiltrate arbitrary files from servers running the middleware. An attacker sends a crafted HTTP request to a TracingMiddleware-instrumented server, causing it to read a local filesystem path and upload the contents to LangSmith as a trace attachment, which the attacker then retrieves via their workspace access. No public exploit has been identified at time of analysis, but the low complexity and broadly scoped file read make this a meaningful risk for any multi-tenant or contractor-accessible LangSmith deployment.
Prototype pollution in the LangSmith JavaScript/TypeScript SDK (npm 'langsmith', versions <= 0.5.17) lets an attacker who controls object keys passed to the createAnonymizer() API pollute Object.prototype for the entire Node.js process. The internally vendored lodash set() utility guards only the __proto__ key and misses the constructor.prototype traversal path, so a crafted key like 'constructor.prototype.polluted' bypasses the fix. Publicly available exploit code exists (SSVC 'poc' plus regression tests in the fix PR), but EPSS is only 0.04% with no evidence of active exploitation; notably the vendor GHSA rates this Medium (~CVSS 5.6), conflicting sharply with the NVD 9.8.
Path traversal in LangSmith Client SDK's TracingMiddleware (versions prior to 0.8.18) enables a trust-boundary crossing where any party with LangSmith workspace trace-read access can exfiltrate arbitrary files from servers running the middleware. An attacker sends a crafted HTTP request to a TracingMiddleware-instrumented server, causing it to read a local filesystem path and upload the contents to LangSmith as a trace attachment, which the attacker then retrieves via their workspace access. No public exploit has been identified at time of analysis, but the low complexity and broadly scoped file read make this a meaningful risk for any multi-tenant or contractor-accessible LangSmith deployment.
Prototype pollution in the LangSmith JavaScript/TypeScript SDK (npm 'langsmith', versions <= 0.5.17) lets an attacker who controls object keys passed to the createAnonymizer() API pollute Object.prototype for the entire Node.js process. The internally vendored lodash set() utility guards only the __proto__ key and misses the constructor.prototype traversal path, so a crafted key like 'constructor.prototype.polluted' bypasses the fix. Publicly available exploit code exists (SSVC 'poc' plus regression tests in the fix PR), but EPSS is only 0.04% with no evidence of active exploitation; notably the vendor GHSA rates this Medium (~CVSS 5.6), conflicting sharply with the NVD 9.8.