Lucene search
GitHub Advisory DatabaseGHSA-WMVM-9VQV-5QPPHistoryJun 16, 2024 - 3:30 p.m.
langchain_experimental Code Execution via Python REPL access
2024-06-1615:30:44
GitHub Advisory Database
github.com
2
langchain experimental
python
repl
access
security
incomplete fix
cve-2024-27444
software
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.
Affected configurations
Node
langchainlangchain_experimentalRange<0.0.61python
| CPE | Name | Operator | Version |
|---|---|---|---|
| langchain-experimental | lt | 0.0.61 |
References
github.com/advisories/GHSA-wmvm-9vqv-5qpp
github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009
github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61
github.com/langchain-ai/langchain/pull/22860
github.com/pypa/advisory-database/tree/main/vulns/langchain-experimental/PYSEC-2024-53.yaml
nvd.nist.gov/vuln/detail/CVE-2024-38459
Related
osv
osv
CVE-2024-38459
2024-06-16 15:15:51
langchain_experimental Code Execution via Python REPL access
2024-06-16 15:30:44
PYSEC-2024-53
2024-06-16 15:15:00
nvd
nvd
CVE-2024-38459
2024-06-16 15:15:51
CVE-2024-27444
2024-02-26 16:28:00
cvelist
cvelist
CVE-2024-38459
2024-06-16 00:00:00
CVE-2024-27444
2024-02-26 00:00:00
vulnrichment
vulnrichment
CVE-2024-38459
2024-06-16 00:00:00
cve
cve
CVE-2024-38459
2024-06-16 15:15:51
CVE-2024-27444
2024-02-26 16:28:00
veracode
veracode
Arbitrary Code Execution
2024-02-27 09:32:18
github
github
LangChain Experimental vulnerable to arbitrary code execution
2024-02-26 18:30:31
prion
prion
Authentication flaw
2024-02-26 16:28:00