21 matches found
ROOT-APP-PYPI-CVE-2023-39631 CVE-2023-39631 in rootio-numexpr - Patched by Root
Root has patched CVE-2023-39631 in the rootio-numexpr package for Root:PyPI. Multiple fixed versions available...
EUVD-2023-0117
Malicious code in bioql PyPI...
CVE-2023-39631
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
ROS-20250203-08
Vulnerability in numexpr library of framework for creating applications based on combining languages and models LangChain is related to incorrect code generation control. LangChain models is related to improper code generation control. Exploitation of the vulnerability could allow an attacker...
Arbitrary Code Execution
langchain is vulnerable to Arbitrary Code Execution. The vulnerability exists in evaluate function of numexpr library which allows an attacker to inject and execute arbitrary commands...
GHSA-F73W-4M7G-CH9X Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. Patches: Released in v.0.0.308. numexpr dependency is optional for langchain...
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. Patches: Released in v.0.0.308. numexpr dependency is optional for langchain...
CVE-2023-39631
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
CVE-2023-39631
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
CVE-2023-39631
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
PYSEC-2023-162
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
Code injection
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
PYSEC-2023-162
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
PYSEC-2023-163
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
PYSEC-2023-163
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
CVE-2023-39631
LangChain (Langchain) v0.0.245 contains a remote code execution vulnerability in the evaluate function via the numexpr library. Root cause: improper neutralization/input handling in the evaluate path, enabling arbitrary code execution. Affected component/function: Langchain’s evaluate using numex...
CVE-2023-39631
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
CVE-2023-39631
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
LangChain Code Injection Vulnerability
LangChain is used to build applications using LLM through composability. A security vulnerability exists in Langchain version v.0.0.245, which stems from a vulnerability that could allow a remote attacker to execute arbitrary code via an evaluation function in the numexpr library...
PT-2023-27040
Name of the Vulnerable Software and Affected Versions LangChain versions 0.0.245 through 0.0.307 Description The issue is related to incorrect code generation control in the numexpr library of the LangChain framework, allowing a remote attacker to execute arbitrary code via the evaluate function...