CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
Configurations

Configuration 1 (hide)

cpe:2.3:a:langchain:langchain:0.0.194:*:*:*:*:*:*:*

History

21 Nov 2024, 08:09

Type Values Removed Values Added
References () http://langchain.com - Product () http://langchain.com - Product
References () https://github.com/hwchase17/langchain - Product () https://github.com/hwchase17/langchain - Product
References () https://github.com/langchain-ai/langchain/issues/5872 - Exploit, Issue Tracking, Vendor Advisory () https://github.com/langchain-ai/langchain/issues/5872 - Exploit, Issue Tracking, Vendor Advisory

14 Aug 2023, 18:15

Type Values Removed Values Added
Summary An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the PALChain,from_math_prompt(llm).run in the python exec method. An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.

09 Aug 2023, 17:41

Type Values Removed Values Added
CWE CWE-94
References (MISC) https://github.com/hwchase17/langchain - (MISC) https://github.com/hwchase17/langchain - Product
References (MISC) http://langchain.com - (MISC) http://langchain.com - Product
References (MISC) https://github.com/langchain-ai/langchain/issues/5872 - (MISC) https://github.com/langchain-ai/langchain/issues/5872 - Exploit, Issue Tracking, Vendor Advisory
First Time Langchain langchain
Langchain
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:langchain:langchain:0.0.194:*:*:*:*:*:*:*

05 Aug 2023, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-05 03:15

Updated : 2024-11-21 08:09


NVD link : CVE-2023-36095

Mitre link : CVE-2023-36095

CVE.ORG link : CVE-2023-36095


JSON object : View

Products Affected

langchain

  • langchain
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')