Lucene search

GitHub Advisory DatabaseGHSA-7Q94-QPJR-XPGM

HistoryJul 06, 2023 - 3:30 p.m.

langchain SQL Injection vulnerability

2023-07-0615:30:33

CWE-89

GitHub Advisory Database

github.com

langchain

sql injection

vulnerability

sqldatabasechain

software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

42.5%

JSON

SQL injection vulnerability in langchain allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.

Affected configurations

Vulners

Node

langchainlangchainRange≤0.0.225

VendorProductVersionCPE
langchainlangchain*cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
langchain	langchain	*	cpe:2.3:a:langchain:langchain::::::::

References

gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f

github.com/advisories/GHSA-7q94-qpjr-xpgm

github.com/hwchase17/langchain/issues/5923

github.com/hwchase17/langchain/pull/6051

github.com/langchain-ai/langchain/issues/5923

github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841

github.com/langchain-ai/langchain/pull/8425

github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-110.yaml

nvd.nist.gov/vuln/detail/CVE-2023-36189

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

42.5%

JSON

Related for GHSA-7Q94-QPJR-XPGM