Langchain Experimental Security Vulnerabilities and Issues — Langchain Experimental CVE List

Lucene search

LangchainLangchain Experimental

4 matches found

CVE•added 2024/02/26 4:28 p.m.•3739 views

CVE-2024-27444

langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import , subclasses , builtins , globals , getattribute , bases , mro , or base attribute in Python code. These are not prohibited by ...

9.8CVSS9.5AI score0.00109EPSS

CVE•added 2023/10/09 8:15 p.m.•158 views

CVE-2023-44467

langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by pal_chain/base.py.

9.8CVSS9.5AI score0.00487EPSS

CVE•added 2024/06/16 3:15 p.m.•50 views

CVE-2024-38459

langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.

7.8CVSS7AI score0.00096EPSS

CVE•added 2024/09/19 5:15 a.m.•37 views

CVE-2024-46946

langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05).

9.8CVSS8.1AI score0.00265EPSS