PT-2023-26673 · Harrison Chase · Langchain

Llm Security

Publicado

2023-08-15

Atualizado

2023-08-22

CVE-2023-38896

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Harrison Chase langchain versions 0.0.194 and before Harrison Chase langchain versions prior to 0.0.236

Description An issue in Harrison Chase langchain allows a remote attacker to execute arbitrary code via the from math prompt and from colored object prompt functions.

Recommendations For versions 0.0.194 and before, update to version 0.0.236 or later to resolve the issue. As a temporary workaround, consider disabling the from math prompt and from colored object prompt functions until a patch is available.

Exploit

Correção

Special Elements Injection

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-94

Identificadores relacionados

CVE-2023-38896

GHSA-92J5-3459-QGP4

PYSEC-2023-146

Produtos afetados

Langchain

PT-2023-26673 · Harrison Chase · Langchain

CVE-2023-38896

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14