Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:4 a.m.6 views

CVE-2023-36258

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used...

9.8CVSS7.3AI score0.01074EPSS
Exploits1
Veracode
Veracode
added 2023/10/11 6:12 a.m.26 views

Code Injection

langchain is vulnerable to Code Injection. The vulnerability is due to improper prompt santization in the PALChain. This vulnerability bypasses CVE-2023-36258...

9.8CVSS8.9AI score0.01074EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/09 9:30 p.m.41 views

langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method

langchainexperimental aka LangChain Experimental in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by palchain/base.py...

9.8CVSS9.6AI score0.00943EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/10/09 8:15 p.m.27 views

Design/Logic Flaw

langchainexperimental aka LangChain Experimental in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by palchain/base.py...

7.5CVSS9.5AI score0.01074EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2023/10/09 8:15 p.m.5 views

PYSEC-2023-194

langchainexperimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method...

9.8CVSS7.9AI score0.01074EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/10/09 12:0 a.m.41 views

CVE-2023-44467

langchainexperimental aka LangChain Experimental in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by palchain/base.py...

9.8AI score0.00943EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/07/03 9:30 p.m.4 views

agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +176 more potentially affected by CVE-2023-36258 via langchain (>=0.0.100 <=0.0.246)

langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more Source cves: CVE-2023-36258 Source advisory: OSV:GHSA-2QMJ-7962-CJQ8...

9.8CVSS7.2AI score0.01074EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/07/03 9:15 p.m.4 views

agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +176 more potentially affected by CVE-2023-36258 via langchain (>=0.0.100 <=0.0.246)

langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more Source cves: CVE-2023-36258 Source advisory: OSV:PYSEC-2023-98...

9.8CVSS7.2AI score0.01074EPSS
Exploits1
OSV
OSV
added 2023/07/03 12:0 a.m.18 views

CVE-2023-36258

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used...

9.8CVSS9.6AI score0.01074EPSS
Exploits1References3
CVE
CVE
added 2023/07/03 12:0 a.m.137 views

CVE-2023-36258

LangChain prior to 0.0.236 is affected by CVE-2023-36258, enabling an attacker to execute arbitrary Python code via os.system, eval, or exec. The issue affects LangChain’s Python usage and the root cause relates to unsafe code execution functions; updating to 0.0.236 or later is recommended to re...

9.8CVSS9.5AI score0.01074EPSS
In wildExploits1References1Affected Software1
Rows per page
Query Builder