Headline
GHSA-gjjr-63x4-v8cq: langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
Moderate severity GitHub Reviewed Published Oct 9, 2023 to the GitHub Advisory Database • Updated Oct 10, 2023
Related news
Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-based flaws, could have severe consequences, ranging from arbitrary code execution to loading
langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.