Obi1Kenobi

**Name of the Vulnerable Software and Affected Versions** langchain version 0.0.171 **Description** An issue in langchain allows a remote attacker to execute arbitrary code via a JSON file to the `load prompt` parameter. This is related to ` subclasses ` or a template. **Recommendations** For langchain version 0.0.171, consider disabling the `load prompt` parameter until a patch is available to prevent remote attackers from executing arbitrary code. Restrict access to the `load prompt` function to minimize the risk of exploitation. Avoid using the `load prompt` parameter with JSON files from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this issue.