PT-2023-22231 · Langchain · Langchain

Zachschillaci27 · Published 2023-04-05 · Updated 2026-04-30 · CVE-2023-29374

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

LangChain versions 0.0.0 through 0.0.131

Description

The issue allows prompt injection attacks that can execute arbitrary code via the Python exec() method. This is specifically related to the LLMMathChain chain in LangChain.

Recommendations

For versions 0.0.0 through 0.0.131, consider disabling the LLMMathChain chain as a temporary workaround until a patch is available. Restrict access to the exec() method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2023-29374
GHSA-FPRP-P869-W6Q2
PYSEC-2023-18

Affected Products

Langchain