CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 55.4%
langchain is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient input sanitization in the run function of jira.py when using the "other" jira mode, which allows an attacker to execute malicious code on the system.
github.com/advisories/GHSA-x32c-59v5-h7fg
github.com/hwchase17/langchain/blob/v0.0.205/langchain/utilities/jira.py#L170
github.com/hwchase17/langchain/issues/4833
github.com/langchain-ai/langchain/commit/a2f191a32229256dd41deadf97786fe41ce04cbb
github.com/langchain-ai/langchain/pull/6992
github.com/langchain-ai/langchain/releases/tag/v0.0.225