Headline
GHSA-2qmj-7962-cjq8: langchain arbitrary code execution vulnerability
An issue in langchain allows an attacker to execute arbitrary code via the PALChain in the python exec method.
langchain arbitrary code execution vulnerability
High severity GitHub Reviewed Published Jul 3, 2023 to the GitHub Advisory Database • Updated Jul 6, 2023
Related news
CVE-2023-44467: fix code injection vuln (#11233) · langchain-ai/langchain@4c97a10
langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.
CVE-2023-36258: Prompt injection which leads to arbitrary code execution in `langchain.chains.PALChain` · Issue #5872 · hwchase17/langchain
An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method.