Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/05/15 10:54 p.m.10 views

Security Bulletin: Astronomer with IBM is vulnerable to arbitrary code execution due to the LangChain package (CVE-2023-38896).

Summary LangChain is used by Astronomer with IBM as part of LLM processing. Vulnerability Details CVEID:CVE-2023-38896 DESCRIPTION: LangChain could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input by the frommathprompt and...

9.8CVSS7.6AI score0.01515EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2023/08/15 6:31 p.m.6 views

agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +162 more potentially affected by CVE-2023-38896 via langchain (>=0.0.100 <=0.0.235)

langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more Source cves: CVE-2023-38896 Source advisory: OSV:GHSA-92J5-3459-QGP4...

9.8CVSS7.2AI score0.01515EPSS
Exploits1
CVE
CVE
added 2023/08/15 12:0 a.m.75 views

CVE-2023-38896

CVE-2023-38896 affects Harrison Chase LangChain up to and including versions before 0.0.236 (per OSV and GHSA) and up to v0.0.194 and earlier (per NVD). It enables remote arbitrary code execution via from_math_prompt and from_colored_object_prompt due to improper neutralization of user input. Imp...

9.8CVSS9.6AI score0.01515EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/08/15 12:0 a.m.18 views

CVE-2023-38896

An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the frommathprompt and fromcoloredobjectprompt functions...

9.8CVSS8.1AI score0.01515EPSS
Exploits1References5
Rows per page
Query Builder