10 matches found
CVE-2023-36258
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used...
Code Injection
langchain is vulnerable to Code Injection. The vulnerability is due to improper prompt santization in the PALChain. This vulnerability bypasses CVE-2023-36258...
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
langchainexperimental aka LangChain Experimental in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by palchain/base.py...
Design/Logic Flaw
langchainexperimental aka LangChain Experimental in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by palchain/base.py...
PYSEC-2023-194
langchainexperimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method...
CVE-2023-44467
langchainexperimental aka LangChain Experimental in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by palchain/base.py...
agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +176 more potentially affected by CVE-2023-36258 via langchain (>=0.0.100 <=0.0.246)
langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more Source cves: CVE-2023-36258 Source advisory: OSV:GHSA-2QMJ-7962-CJQ8...
agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +176 more potentially affected by CVE-2023-36258 via langchain (>=0.0.100 <=0.0.246)
langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more Source cves: CVE-2023-36258 Source advisory: OSV:PYSEC-2023-98...
CVE-2023-36258
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used...
CVE-2023-36258
LangChain prior to 0.0.236 is affected by CVE-2023-36258, enabling an attacker to execute arbitrary Python code via os.system, eval, or exec. The issue affects LangChain’s Python usage and the root cause relates to unsafe code execution functions; updating to 0.0.236 or later is recommended to re...