2 matches found
PYSEC-2026-374 LangChain Experimental Eval Injection vulnerability
langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...
LangChain 安全漏洞
LangChain is the LangChain open source framework for developing applications powered by the Large Language Model LLM. A security vulnerability exists in LangChain versions 0.1.17 through 0.3.0 that originates from a vulnerability that allows an attacker to execute arbitrary code via sympy.sympify...