5 matches found
PYSEC-2026-375 LangChain Experimental vulnerable to arbitrary code execution
langchainexperimental aka LangChain Experimental before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not...
Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
Summary The attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...
CVE-2024-27444
langchainexperimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by...
CVE-2024-27444
langchainexperimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by...
PT-2024-21902
Name of the Vulnerable Software and Affected Versions LangChain versions prior to 0.1.8 langchain experimental versions prior to 0.0.52 Description The issue allows an attacker to bypass a previous fix and execute arbitrary code via certain attributes in Python code, including import , subclasses...