5 matches found

OSV
added 3 days ago | 6 views

PYSEC-2026-375 LangChain Experimental vulnerable to arbitrary code execution

langchain_experimental aka LangChain Experimental before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not...

9.8 CVSS | 7.7 AI score | 0.00766 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2026/04/07 3:48 p.m. | 7 views

Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Summary: The attribute_filter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...

10 CVSS | 6.5 AI score | 0.00613 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/05/23 9:39 a.m. | 20 views

CVE-2024-27444

langchain_experimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by...

9.8 CVSS | 9.7 AI score | 0.00943 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/02/26 12:00 a.m. | 26 views

CVE-2024-27444

langchain_experimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by...

8 AI score | 0.00766 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2024/02/25 12:00 a.m. | 4 views

PT-2024-21902

Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.1.8; langchain experimental versions prior to 0.0.52. Description: The issue allows an attacker to bypass a previous fix and execute arbitrary code via certain attributes in Python code, including __import__, __subclasses__...

9.8 CVSS | 7.6 AI score | 0.00766 EPSS
Exploits: 0 | References: 12