5 matches found
CVE-2023-32786
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks...
CVE-2023-32786
creationtimestamp| type| source ---|---|--- 2023-10-21 02:35:35+00:00| seen| https://t.me/cibsecurity/72724...
agent-actors (=0.1.0), agent-lab-sdk (>=0.1.7 <=0.1.16) +286 more potentially affected by CVE-2023-32786 via langchain (>=0.0.100 <=0.0.327)
langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.5, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.5, =0.0.14, =0.0.18 - athina =0.1.0 and more Source cves: CVE-2023-32786 Source advisory: OSV:GHSA-6H8P-4HX9-W66C...
CVE-2023-32786
CVE-2023-32786 affects LangChain up to version 0.0.155, where prompt injection can cause SSRF by forcing the service to fetch data from an arbitrary URL and potentially inject content into downstream tasks. Remediation in the connected advisories points to upgrading beyond 0.0.329 (e.g., LangChai...
CVE-2023-32786
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks...