Eval Injection

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Eval Injection via the result = evals field of the iscallableexpression function in the agentscope\web\workstation\workflowutils.py file. An attacker can execute...

Exploit for Code Injection in Geoserver

CVE-2024-36401 This is a program for checking vulnerabilities...

Eval Injection

LangChain Experimental is vulnerable to Eval Injection. The vulnerability is due to the use of sympy.sympify which relies on eval in the LLMSymbolicMathChain, allowing attackers to execute arbitrary code in versions 0.1.17 through 0.3.0...

Eval Injection

guardrails-ai is vulnerable to Eval Injection. The vulnerability is due to improper validation in the parsetoken method of the ValidatorsAttr class in the guardrails/guardrails/validatorsattr.py file. An attacker can execute arbitrary code on the user's machine by loading a maliciously crafted XM...

GHSA-P2QJ-R53J-H3XJ LangChain Experimental Eval Injection vulnerability

langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...

LangChain Experimental Eval Injection vulnerability

langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...

Eval Injection

MindsDB is vulnerable to Eval Injection. The vulnerability is caused by improper validation of Python code in specially crafted ‘INSERT’ queries, which are executed via an unprotected eval function on the server, allowing an attacker to execute arbitrary code...

Eval Injection

MindsDB is vulnerable to Eval Injection. The vulnerability is due to unsanitized input in the Microsoft SharePoint integration, where a specially crafted 'INSERT' query for site column creation allows Python code to be passed to an eval function and executed on the server...

Exploit for Code Injection in Geoserver

CVE-2024-36401-PoC Proof-of-Concept Exploit for CVE-2024-36401...

Eval Injection

MindsDB is vulnerable to Eval Injection. The vulnerability is due to unsanitized input in the Microsoft SharePoint integration within sharepointapi.py, where a specially crafted 'INSERT' query containing Python code is passed to the eval function, allowing an attacker to execute arbitrary code on...

Eval Injection

MindsDB is vulnerable to Eval Injection. The vulnerability is due to unsanitized input in several integrations, where a specially crafted 'UPDATE' query containing Python code is passed to an eval function and executed on the server...

Eval Injection

MindsDB is vulnerable to arbitrary code execution. The vulnerability is due to unsanitized input in the ChromaDB integration, where a specially crafted 'INSERT' query containing Python code is passed to an eval function and executed on the server...

GHSA-WF9G-C67G-H4CH MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

GHSA-WCJW-3V6P-4V3R MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...

GHSA-C85F-PCX6-2GHM MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

GHSA-CRMG-RP64-5CM3 MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...

GHSA-G2M8-F3X2-QPRW Refuel Autolab Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

GHSA-V6G6-3CM3-VF6C MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

GHSA-4FGP-7VVM-M4JF Refuel Autolab Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...