Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2025-21604

Jan. 6, 2025, 4:15 p.m.

Tags

security-advisories@github.com
CWE-328
2025-01-06
CVE-2025-21604

Product(s) Impacted

LangChain4j-AIDeepin

  • before 3.5.0

Description

LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0.

Weaknesses

CWE-328
Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

CWE ID: 328

Date

Published: Jan. 6, 2025, 4:15 p.m.

Last Modified: Jan. 6, 2025, 4:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

References

https://github.com/ security-advisories@github.com
https://github.com/ security-advisories@github.com