Lucene search
MitreCVE-2023-36095HistoryAug 05, 2023 - 3:15 a.m.
CVE-2023-36095
2023-08-0503:15:13
CWE-94
mitre
web.nvd.nist.gov
50
cve-2023-36095
harrison chase langchain
arbitrary code execution
python exec calls
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
64.8%
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
Affected configurations
Node
langchainlangchainMatch0.0.194
Related
veracode
veracode
Arbitrary Code Execution
2023-08-07 22:56:54
nvd
nvd
CVE-2023-36095
2023-08-05 03:15:13
osv
osv
langchain Code Injection vulnerability
2023-08-05 03:30:19
PYSEC-2023-138
2023-08-05 03:15:00
CVE-2023-36095
2023-08-05 03:15:13
github
github
langchain Code Injection vulnerability
2023-08-05 03:30:19
cvelist
cvelist
CVE-2023-36095
2023-08-05 00:00:00
prion
prion
Design/Logic Flaw
2023-08-05 03:15:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
64.8%
Related for CVE-2023-36095