Closed efriis closed 3 weeks ago
This CVE was fixed in this PR: https://github.com/langchain-ai/langchain/pull/22903/files
PR shows that the SitemapLoader is in the langchain-community
package, which is not a dependency of langchain
.
Here's the file in master if helpful
And here's the root of the langchain
library, which doesn't contain SitemapLoader
Awesome. Thanks for the references 👍
Hi @efriis! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!
Updates
Comments This vulnerability is tagged with the wrong package