Lucene search
MitreVULNRICHMENT:CVE-2024-27444HistoryFeb 26, 2024 - 12:00 a.m.
CVE-2024-27444
2024-02-2600:00:00
mitre
github.com
3
langchain experimental
arbitrary code execution
python attributes
AI Score
8
Confidence
Low
EPSS
0.001
Percentile
44.2%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by pal_chain/base.py.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:langchain:langchain_experimental:*:*:*:*:*:python:*:*"
],
"vendor": "langchain",
"product": "langchain_experimental",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "0.1.8",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
nvd
nvd
cve
cve
prion
prion
Authentication flaw
2024-02-26 16:28:00
Design/Logic Flaw
2023-10-09 20:15:00
cvelist
cvelist
github
github
LangChain Experimental vulnerable to arbitrary code execution
2024-02-26 18:30:31
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
2023-10-09 21:30:27
langchain_experimental Code Execution via Python REPL access
2024-06-16 15:30:44
osv
osv
LangChain Experimental vulnerable to arbitrary code execution
2024-02-26 18:30:31
CVE-2024-27444
2024-02-26 16:28:00
CVE-2023-44467
2023-10-09 20:15:10
veracode
veracode
Arbitrary Code Execution
2024-02-27 09:32:18
Code Injection
2023-10-11 06:12:48
nessus
nessus
LangChain Experimental Python Library <= 0.0.14 (CVE-2023-44467)
2024-09-11 00:00:00
vulnrichment
vulnrichment
CVE-2024-38459
2024-06-16 00:00:00
thn
thn
Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms
2024-08-26 10:31:00
AI Score
8
Confidence
Low
EPSS
0.001
Percentile
44.2%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-27444