Headline

GHSA-gjjr-63x4-v8cq: langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method

langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.

1 year ago

ghsa

Open in Source

#git

langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method

Moderate severity GitHub Reviewed Published Oct 9, 2023 to the GitHub Advisory Database • Updated Oct 10, 2023

Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-based flaws, could have severe consequences, ranging from arbitrary code execution to loading

2 months ago

The Hacker News

Open in Source

#xss #vulnerability #web #mac #dos #java #intel #auth #The Hacker News

CVE-2023-44467: fix code injection vuln (#11233) · langchain-ai/langchain@4c97a10

langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.

1 year ago

CVE

Open in Source