4 matches found
Security Bulletin: Astronomer with IBM is vulnerable to arbitrary code execution due to the LangChain package (CVE-2023-38896).
Summary LangChain is used by Astronomer with IBM as part of LLM processing. Vulnerability Details CVEID:CVE-2023-38896 DESCRIPTION: LangChain could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input by the frommathprompt and...
agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +162 more potentially affected by CVE-2023-38896 via langchain (>=0.0.100 <=0.0.235)
langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more Source cves: CVE-2023-38896 Source advisory: OSV:GHSA-92J5-3459-QGP4...
CVE-2023-38896
CVE-2023-38896 affects Harrison Chase LangChain up to and including versions before 0.0.236 (per OSV and GHSA) and up to v0.0.194 and earlier (per NVD). It enables remote arbitrary code execution via from_math_prompt and from_colored_object_prompt due to improper neutralization of user input. Imp...
CVE-2023-38896
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the frommathprompt and fromcoloredobjectprompt functions...