PT-2023-25427 · Harrison Chase · Langchain
Lyutoo · Published 2023-08-05 · Updated 2023-08-14 · CVE-2023-36095
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Harrison Chase langchain version 0.0.194
Description
The issue allows an attacker to execute arbitrary code via the Python `exec` calls in the PALChain. The affected functions are `from_math_prompt` and `from_colored_object_prompt`; the code path is reached when `from_math_prompt(llm).run` passes LLM-generated Python to `exec`.
Recommendations
For version 0.0.194, consider disabling the `from_math_prompt` and `from_colored_object_prompt` functions until a patch is available, to prevent arbitrary code execution.
Restrict access to the PALChain to minimize the risk of exploitation.
Avoid using the `exec` method in the Python code of the affected functions until the issue is resolved.
Exploit
Fix
Weakness Enumeration
Code Injection
Related identifiers
Affected products
Langchain