Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-2qmj-7962-cjq8: langchain arbitrary code execution vulnerability

An issue in langchain allows an attacker to execute arbitrary code via the PALChain in the python exec method.

ghsa
#vulnerability#git

langchain arbitrary code execution vulnerability

High severity GitHub Reviewed Published Jul 3, 2023 to the GitHub Advisory Database • Updated Jul 6, 2023

Related news

CVE-2023-44467: fix code injection vuln (#11233) · langchain-ai/langchain@4c97a10

langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.

CVE-2023-36258: Prompt injection which leads to arbitrary code execution in `langchain.chains.PALChain` · Issue #5872 · hwchase17/langchain

An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method.