4 matches found
CVE-2023-36281
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to loadprompt. This is related to subclasses or a template...
Exploit for Code Injection in Langchain
CVE-2023-36281 PoC of CVE-2023-36281 I referred to this PoC...
agent-actors (=0.1.0), agentverse (>=0.1.5 <=0.1.8.1) +78 more potentially affected by CVE-2023-36281 via langchain (>=0.0.100 <=0.0.168)
langchain PYPI version =0.0.100, =0.1.5, =0.0.1, =0.0.5, =0.2.0, =0.1.1, =0.1.1, =0.0.0, =0.0.1, =0.1.0, =0.2.1, =0.1.0, =0.0.1, =0.0.3, =0.0.7 and more Source cves: CVE-2023-36281 Source advisory: OSV:PYSEC-2023-151...
CVE-2023-36281
Summary: CVE-2023-36281 affects LangChain v0.0.171, enabling remote code execution via a JSON file passed to the load_prompt pathway. The issue is described as related to subclasses or a template, with a high-severity CVSS 3.1 score (9.8) across sources (NVD/Red Hat/OSV/GHSA). What’s affected: La...