Lucene search
CVE-2024-21513
Versions 0.0.15 to 0.0.21 of langchain-experimental package allow Arbitrary Code Execution from database inpu
Show more
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2024-21513 | 15 Jul 202405:00 | – | cvelist |
 | CVE-2024-21513 | 15 Jul 202405:15 | – | nvd |
 | CVE-2024-21513 | 15 Jul 202405:15 | – | osv |
| GHSA-CGCG-P68Q-3W7V langchain-experimental vulnerable to Arbitrary Code Execution | 15 Jul 202406:30 | – | osv |
| PYSEC-2024-62 | 15 Jul 202405:15 | – | osv |
 | Code Injection | 16 Jul 202405:59 | – | veracode |
 | CVE-2024-21513 | 5 Feb 202510:44 | – | redhatcve |
 | Exploit for Code Injection in Langchain Langchain-Experimental | 4 Mar 202513:11 | – | githubexploit |
| Exploit for Code Injection in Langchain Langchain-Experimental | 9 Apr 202516:13 | – | githubexploit |
 | CVE-2024-21513 | 15 Jul 202405:00 | – | vulnrichment |
10
Node
[
{
"product": "langchain-experimental",
"versions": [
{
"version": "0.0.15",
"lessThan": "0.0.21",
"status": "affected",
"versionType": "semver"
}
],
"vendor": "n/a"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| SQL query | request body | /path/to/sql/query/endpoint | Arbitrary code execution vulnerability via SQL input that allows attackers to run arbitrary code using eval(). | CWE-94 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo15 Jul 2024 05:15Current
8.2High risk
Vulners AI Score8.2
CVSS38.5
EPSS0.0277
SSVC