892 matches found
CVE-2023-34541
Langchain 0.0.171 is vulnerable to Arbitrary code execution in loadprompt...
Arbitrary Code Execution
langchain is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient input sanitization in the run function of jira.py when using the other jira mode, which allows an attacker to execute malicious code on the system...
agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +143 more potentially affected by CVE-2023-34540 via langchain (>=0.0.100 <=0.0.224)
langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.2.0, =0.1.3, =0.1.1, =0.1.18 and more Source cves: CVE-2023-34540 Source advisory: OSV:GHSA-X32C-59V5-H7FG...
GHSA-X32C-59V5-H7FG Langchain OS Command Injection vulnerability
Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...
Langchain OS Command Injection vulnerability
Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...
CVE-2023-34540
Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...
CVE-2023-34540
Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...
agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +143 more potentially affected by CVE-2023-34540 via langchain (>=0.0.100 <=0.0.224)
langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.2.0, =0.1.3, =0.1.1, =0.1.18 and more Source cves: CVE-2023-34540 Source advisory: OSV:PYSEC-2023-91...
PYSEC-2023-91
Langchain 0.0.171 is vulnerable to Arbitrary Code Execution...
PYSEC-2023-91
Langchain 0.0.171 is vulnerable to Arbitrary Code Execution...
Remote code execution
Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...
PT-2023-24913 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: Langchain versions prior to 0.0.225 Description: The issue allows attackers to execute arbitrary code via crafted input, specifically through the JiraAPIWrapper component. This enables the execution of arbitrary code, potentially leading to...
CVE-2023-34540
Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...
Langchain 安全漏洞
LangChain is used to build applications using LLM through composability. A security vulnerability exists in Langchain version 0.0.171, which stems from an arbitrary code execution vulnerability...
CVE-2023-34540
Summary: Langchain before v0.0.225 contains a remote code execution vulnerability in the JiraAPIWrapper. The flaw allows an attacker to execute arbitrary code via crafted input in the wrapper component. A fix is available, referenced by the v0.0.225 release notes. Affected scope (from connected d...
CVE-2023-34540
Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...
PT-2023-4194 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.0.247 Description: The issue is related to a SQL injection vulnerability that allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. This vulnerability is due to the lack of...
bashbuddy (>=0.2.0 <=0.2.1), boilerplate-x (>=0.1.1 <=0.2.8) +23 more potentially affected by CVE-2023-29374 via langchain (>=0.0.100 <=0.0.131)
langchain PYPI version =0.0.100, =0.2.0, =0.1.1, =0.0.0, =0.1.0, =0.0.1, =0.0.4, =10.9.15, =0.1.3, =0.3.0, =0.0.1, =0.0.13, =0.0.1, =0.0.40, =0.1.1, =0.0.1, =0.0.7 and more Source cves: CVE-2023-29374 Source advisory: OSV:GHSA-FPRP-P869-W6Q2...
GHSA-FPRP-P869-W6Q2 LangChain vulnerable to code injection
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
LangChain vulnerable to code injection
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...