PT-2023-25472 · Langchain · Langchain

Lyutoon

·

Publicado

2023-07-06

·

Atualizado

2023-07-12

·

CVE-2023-36188

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions langchain version 0.0.64
Description The issue allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. This enables the attacker to run malicious code, potentially leading to system compromise.
Recommendations For langchain version 0.0.64, consider disabling the exec method or restricting access to the PALChain parameter until a patch is available. As a temporary workaround, avoid using the PALChain parameter in the affected exec method to minimize the risk of exploitation.

Exploit

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

CVE-2023-36188
GHSA-57FC-8Q82-GFP3
PYSEC-2023-109

Produtos afetados

Langchain