25 matches found
VulnCheck KEV: CVE-2023-44467
langchainexperimental aka LangChain Experimental in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by palchain/base.py...
CVE-2024-38459
langchainexperimental aka LangChain Experimental before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444...
Eval Injection
LangChain Experimental is vulnerable to Eval Injection. The vulnerability is due to the use of sympy.sympify which relies on eval in the LLMSymbolicMathChain, allowing attackers to execute arbitrary code in versions 0.1.17 through 0.3.0...
LangChain Experimental Eval Injection vulnerability
langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...
CVE-2024-46946
langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...
LangChain Experimental Python Library <= 0.0.14 (CVE-2023-44467)
LangChain is a framework for developing applications powered by large language models. langchainexperimental aka LangChain Experimental in LangChain = 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by...
kube-copilot (>=0.1.21 <=0.1.22), langcorn (>=0.0.14 <=0.0.18) +1 more potentially affected by CVE-2024-21513 via langchain-experimental (>=0.0.10 <=0.0.14)
langchain-experimental PYPI version =0.0.10, =0.1.21, =0.0.14, =2.3.0, =4.3.3 Source cves: CVE-2024-21513 Source advisory: OSV:GHSA-CGCG-P68Q-3W7V...
kube-copilot (>=0.1.21 <=0.1.22), langcorn (>=0.0.14 <=0.0.18) +1 more potentially affected by CVE-2024-21513 via langchain-experimental (>=0.0.10 <=0.0.14)
langchain-experimental PYPI version =0.0.10, =0.1.21, =0.0.14, =2.3.0, =4.3.3 Source cves: CVE-2024-21513 Source advisory: OSV:PYSEC-2024-62...
langchain_experimental Code Execution via Python REPL access
langchainexperimental aka LangChain Experimental before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444...
apsbot (>=0.2.0 <=0.3.1), askagent (>=0.1.0 <=0.1.1) +36 more potentially affected by CVE-2024-38459 via langchain-experimental (>=0.0.10 <=0.0.60)
langchain-experimental PYPI version =0.0.10, =0.2.0, =0.1.0, =0.0.3, =0.1.1, =0.0.1a1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =0.1.21, =0.1.27 - lang-wrapper-for-rag =0.0.1 and more Source cves: CVE-2024-38459 Source advisory: OSV:GHSA-WMVM-9VQV-5QPP...
GHSA-WMVM-9VQV-5QPP langchain_experimental Code Execution via Python REPL access
langchainexperimental aka LangChain Experimental before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444...
CVE-2024-38459
langchainexperimental aka LangChain Experimental before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444...
CVE-2024-38459
langchainexperimental aka LangChain Experimental before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444...
apsbot (>=0.2.0 <=0.3.1), askagent (>=0.1.0 <=0.1.1) +36 more potentially affected by CVE-2024-38459 via langchain-experimental (>=0.0.10 <=0.0.60)
langchain-experimental PYPI version =0.0.10, =0.2.0, =0.1.0, =0.0.3, =0.1.1, =0.0.1a1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =0.1.21, =0.1.27 - lang-wrapper-for-rag =0.0.1 and more Source cves: CVE-2024-38459 Source advisory: OSV:PYSEC-2024-53...
CVE-2024-38459
langchainexperimental aka LangChain Experimental before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444...
CVE-2024-27444
langchainexperimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by...
Authentication flaw
langchainexperimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by...
CVE-2024-27444
The CVE-2024-27444 entry applies to langchain_experimental (LangChain Experimental) in LangChain prior to 0.1.8, where an attacker can bypass the fixes for CVE-2023-44467 and execute arbitrary Python code via privileged attributes (import , subclasses , builtins , globals , getattribute , bases ,...
CVE-2024-27444
langchainexperimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by...
GHSA-GJJR-63X4-V8CQ langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
langchainexperimental aka LangChain Experimental in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by palchain/base.py...