12 matches found
EUVD-2024-0087
Malicious code in bioql PyPI...
CVE-2024-21513
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...
Code Injection
langchain-experimental is vulnerable to Code Injection. The vulnerability is due to the use of 'eval' on all retrieved values from the database when the server is configured with VectorSQLDatabaseChain...
GHSA-CGCG-P68Q-3W7V langchain-experimental vulnerable to Arbitrary Code Execution
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...
langchain-experimental vulnerable to Arbitrary Code Execution
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...
CVE-2024-21513
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...
PYSEC-2024-62
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...
PYSEC-2024-62
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...
CVE-2024-21513
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...
CVE-2024-21513
langchain-experimental versions 0.0.15 and earlier than 0.0.21 are vulnerable to Arbitrary Code Execution via eval() on database-retrieved values when using VectorSQLDatabaseChain. The vulnerability requires an attacker to influence the input prompt and can enable Python code execution on the ser...
CVE-2024-21513
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...
Arbitrary Code Execution
Overview langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses. Affected versions of this package are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all...