Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-gjjr-63x4-v8cq: langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method

langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.

ghsa
#git

langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method

Moderate severity GitHub Reviewed Published Oct 9, 2023 to the GitHub Advisory Database • Updated Oct 10, 2023

Related news

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-based flaws, could have severe consequences, ranging from arbitrary code execution to loading

CVE-2023-44467: fix code injection vuln (#11233) · langchain-ai/langchain@4c97a10

langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.