17 matches found
EUVD-2023-0112
Malicious code in bioql PyPI...
EUVD-2023-0114
Malicious code in bioql PyPI...
CVE-2024-2057
CVE-2024-2057 affects LangChain langchain_community 0.0.26, specifically the TFIDFRetriever’s load_local in libs/community/langchain_community/retrievers/tfidf.py. The vulnerability enables server-side request forgery (SSRF) and is exploitable remotely; public disclosure exists. Upgrading to 0.0....
LangChain vulnerable to arbitrary code execution
An issue in Harrison Chase langchain before version 0.0.236 allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions...
CVE-2023-38896
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions...
CVE-2023-38896
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions...
CVE-2023-38896
CVE-2023-38896 affects Harrison Chase LangChain versions before 0.0.236 (per OSV and GHSA) and v0.0.194 and earlier (per NVD). It enables remote arbitrary code execution via from_math_prompt and from_colored_object_prompt due to improper neutralization of user input. Imp...
CVE-2023-38896
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions...
CVE-2023-38896
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions...
PT-2023-26673 · Harrison Chase · Langchain
Name of the Vulnerable Software and Affected Versions: Harrison Chase langchain versions 0.0.194 and before; Harrison Chase langchain versions prior to 0.0.236. Description: An issue in Harrison Chase langchain allows a remote attacker to execute arbitrary code via the from_math_prompt and from...
langchain Code Injection vulnerability
An issue in Harrison Chase langchain allows an attacker to execute arbitrary code via the PALChain,frommathpromptllm.run in the python exec method...
CVE-2023-36095
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...
CVE-2023-36095
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...
Design/Logic Flaw
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...
CVE-2023-36095
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...
CVE-2023-36095
LangChain v0.0.194 is affected by a code-injection vulnerability (CVE-2023-36095) via the PALChain, enabling an attacker to execute arbitrary Python code through exec calls in from_math_prompt and from_colored_object_prompt. Reported impacts include high severity with potential full compromise; C...
CVE-2023-36095
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...