5 matches found
bashbuddy (>=0.2.0 <=0.2.1), boilerplate-x (>=0.1.1 <=0.2.8) +23 more potentially affected by CVE-2023-29374 via langchain (>=0.0.100 <=0.0.131)
langchain PYPI version =0.0.100, =0.2.0, =0.1.1, =0.0.0, =0.1.0, =0.0.1, =0.0.4, =10.9.15, =0.1.3, =0.3.0, =0.0.1, =0.0.13, =0.0.1, =0.0.40, =0.1.1, =0.0.1, =0.0.7 and more Source cves: CVE-2023-29374 Source advisory: OSV:GHSA-FPRP-P869-W6Q2...
bashbuddy (>=0.2.0 <=0.2.1), boilerplate-x (>=0.1.1 <=0.2.8) +23 more potentially affected by CVE-2023-29374 via langchain (>=0.0.100 <=0.0.131)
langchain PYPI version =0.0.100, =0.2.0, =0.1.1, =0.0.0, =0.1.0, =0.0.1, =0.0.4, =10.9.15, =0.1.3, =0.3.0, =0.0.1, =0.0.13, =0.0.1, =0.0.40, =0.1.1, =0.0.1, =0.0.7 and more Source cves: CVE-2023-29374 Source advisory: OSV:PYSEC-2023-18...
CVE-2023-29374
CVE-2023-29374 affects LangChain up to version 0.0.131. The vulnerability lies in the LLMMathChain chain, enabling prompt injection that can execute arbitrary Python code via the built-in exec() method. The NVD/CVE data indicate a high-severity issue (CVSS v3.1: 9.8, CRITICAL) with network attack...
CVE-2023-29374
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
CVE-2023-29374
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...