Lucene search
K

892 matches found

OSV
OSV
added 2023/06/20 12:0 a.m.11 views

CVE-2023-34541

Langchain 0.0.171 is vulnerable to Arbitrary code execution in loadprompt...

9.8CVSS7.6AI score0.00943EPSS
Exploits1References3
Veracode
Veracode
added 2023/06/19 9:15 a.m.12 views

Arbitrary Code Execution

langchain is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient input sanitization in the run function of jira.py when using the other jira mode, which allows an attacker to execute malicious code on the system...

9.8CVSS7.4AI score0.01681EPSS
Exploits1References6Affected Software1
vulnersOsv
vulnersOsv
added 2023/06/14 3:30 p.m.4 views

agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +143 more potentially affected by CVE-2023-34540 via langchain (>=0.0.100 <=0.0.224)

langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.2.0, =0.1.3, =0.1.1, =0.1.18 and more Source cves: CVE-2023-34540 Source advisory: OSV:GHSA-X32C-59V5-H7FG...

9.8CVSS7.2AI score0.01681EPSS
Exploits1
OSV
OSV
added 2023/06/14 3:30 p.m.3 views

GHSA-X32C-59V5-H7FG Langchain OS Command Injection vulnerability

Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

9.8CVSS8AI score0.01681EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2023/06/14 3:30 p.m.54 views

Langchain OS Command Injection vulnerability

Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

9.8CVSS10AI score0.01681EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2023/06/14 3:15 p.m.25 views

CVE-2023-34540

Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

9.8CVSS9.9AI score0.01681EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/06/14 3:15 p.m.4 views

CVE-2023-34540

Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

9.8CVSS6.7AI score0.01681EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2023/06/14 3:15 p.m.3 views

agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +143 more potentially affected by CVE-2023-34540 via langchain (>=0.0.100 <=0.0.224)

langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.2.0, =0.1.3, =0.1.1, =0.1.18 and more Source cves: CVE-2023-34540 Source advisory: OSV:PYSEC-2023-91...

9.8CVSS7.2AI score0.01681EPSS
Exploits1
PyPA
PyPA
added 2023/06/14 3:15 p.m.9 views

PYSEC-2023-91

Langchain 0.0.171 is vulnerable to Arbitrary Code Execution...

9.8CVSS7.1AI score0.01681EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/06/14 3:15 p.m.9 views

PYSEC-2023-91

Langchain 0.0.171 is vulnerable to Arbitrary Code Execution...

9.8CVSS7.2AI score0.01681EPSS
Exploits1References4
Prion
Prion
added 2023/06/14 3:15 p.m.17 views

Remote code execution

Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

7.5CVSS9.9AI score0.01681EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.7 views

PT-2023-24913 · Langchain · Langchain

Name of the Vulnerable Software and Affected Versions: Langchain versions prior to 0.0.225 Description: The issue allows attackers to execute arbitrary code via crafted input, specifically through the JiraAPIWrapper component. This enables the execution of arbitrary code, potentially leading to...

9.8CVSS9.7AI score0.01681EPSS
Exploits1References14
Cvelist
Cvelist
added 2023/06/14 12:0 a.m.25 views

CVE-2023-34540

Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

10AI score0.01681EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.7 views

Langchain 安全漏洞

LangChain is used to build applications using LLM through composability. A security vulnerability exists in Langchain version 0.0.171, which stems from an arbitrary code execution vulnerability...

9.8CVSS9.1AI score0.01681EPSS
Exploits1References3
CVE
CVE
added 2023/06/14 12:0 a.m.222 views

CVE-2023-34540

Summary: Langchain before v0.0.225 contains a remote code execution vulnerability in the JiraAPIWrapper. The flaw allows an attacker to execute arbitrary code via crafted input in the wrapper component. A fix is available, referenced by the v0.0.225 release notes. Affected scope (from connected d...

9.8CVSS9.8AI score0.01681EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/06/14 12:0 a.m.11 views

CVE-2023-34540

Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

9.8CVSS9.9AI score0.01681EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/06 12:0 a.m.3 views

PT-2023-4194 · Langchain · Langchain

Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.0.247 Description: The issue is related to a SQL injection vulnerability that allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. This vulnerability is due to the lack of...

8.7CVSS7.9AI score0.01237EPSS
Exploits1References16
vulnersOsv
vulnersOsv
added 2023/04/05 3:30 a.m.5 views

bashbuddy (>=0.2.0 <=0.2.1), boilerplate-x (>=0.1.1 <=0.2.8) +23 more potentially affected by CVE-2023-29374 via langchain (>=0.0.100 <=0.0.131)

langchain PYPI version =0.0.100, =0.2.0, =0.1.1, =0.0.0, =0.1.0, =0.0.1, =0.0.4, =10.9.15, =0.1.3, =0.3.0, =0.0.1, =0.0.13, =0.0.1, =0.0.40, =0.1.1, =0.0.1, =0.0.7 and more Source cves: CVE-2023-29374 Source advisory: OSV:GHSA-FPRP-P869-W6Q2...

9.8CVSS7.2AI score0.39653EPSS
Exploits1
OSV
OSV
added 2023/04/05 3:30 a.m.64 views

GHSA-FPRP-P869-W6Q2 LangChain vulnerable to code injection

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...

9.8CVSS7.5AI score0.39653EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2023/04/05 3:30 a.m.60 views

LangChain vulnerable to code injection

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...

9.8CVSS9.7AI score0.39653EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder