PT-2023-25499 · Langchain · Langchain

Lyutoon · Published 2023-07-03 · Updated 2025-04-14 · CVE-2023-36258

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.0.236

Description: The issue allows an attacker to execute arbitrary code, because the PALChain hands generated Python code to Python's exec method, so generated code that uses os.system, exec, or eval is executed as-is.

Recommendations: For versions prior to 0.0.236, update to version 0.0.236 or later to resolve the issue. As a temporary workaround, consider disabling the exec method in the PALChain until a patch is available. Restrict access to the os.system, exec, and eval functions to minimize the risk of exploitation.
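The workaround above (keeping os.system, exec and eval out of reach of generated code) can be enforced before the PALChain ever calls exec. The following is an added illustration, not LangChain's own code or its 0.0.236 fix: it parses the generated snippet with `ast` and rejects imports, calls to exec/eval/compile/__import__, `.system()` calls and dunder attribute access; the denylist, `find_violations` and `run_pal_solution` are assumptions made for this example.

```python
"""Added example (not LangChain's code): a pre-execution gate for
LLM-generated Python of the kind PALChain runs. The denylist and the
helper names below are assumptions for this illustration."""
import ast

# Builtins that turn a string into executable code or reach the OS.
BLOCKED_CALLS = {"exec", "eval", "compile", "__import__", "open", "getattr"}
# Statements a PAL-style arithmetic program never needs.
BLOCKED_NODES = (ast.Import, ast.ImportFrom, ast.Global, ast.Nonlocal)


def find_violations(code: str) -> list[str]:
    """Return the reasons a snippet is unsafe; an empty list means it passed."""
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    problems = []
    for node in ast.walk(tree):
        if isinstance(node, BLOCKED_NODES):
            problems.append(f"disallowed statement: {type(node).__name__}")
        elif isinstance(node, ast.Call):
            # Direct calls such as exec("...") or eval("...")
            if isinstance(node.func, ast.Name) and node.func.id in BLOCKED_CALLS:
                problems.append(f"disallowed call: {node.func.id}()")
            # Attribute calls such as os.system("...")
            elif isinstance(node.func, ast.Attribute) and node.func.attr == "system":
                problems.append("disallowed call: .system()")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            # __class__/__subclasses__ chains are the usual sandbox escape route
            problems.append(f"dunder attribute access: {node.attr}")
    return problems


def run_pal_solution(code: str) -> object:
    """Execute a vetted snippet and return the value of its solution()
    function, the shape PAL-style programs usually take."""
    problems = find_violations(code)
    if problems:
        raise ValueError("rejected generated code: " + "; ".join(problems))
    # A starved builtins table limits what vetted code can reach; this is a
    # filter, not a sandbox, so a process/seccomp boundary is still advisable.
    namespace: dict = {"__builtins__": {"range": range, "len": len, "sum": sum}}
    exec(code, namespace)
    return namespace["solution"]()
```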

Exploit

Fix

Code Injection


Weakness Enumeration

Related identifiers

CVE-2023-36258
GHSA-2QMJ-7962-CJQ8
PYSEC-2023-98

Affected products

Langchain