PT-2023-27040 · Numexpr+2 · Numexpr+2

Corgeman

Publicado

2023-01-09

Atualizado

2026-06-03

CVE-2023-39631

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions LangChain versions 0.0.245 through 0.0.307

Description The issue is related to incorrect code generation control in the numexpr library of the LangChain framework, allowing a remote attacker to execute arbitrary code via the evaluate function. This can lead to exploitation by a remote attacker.

Recommendations For versions 0.0.245 through 0.0.307, update to version 0.0.308 or later, which includes a patch for the numexpr dependency issue. As a temporary workaround, consider disabling the evaluate function in the numexpr library until a patch is applied.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

BDU:2025-01410

CVE-2023-39631

GHSA-F73W-4M7G-CH9X

PYSEC-2023-162

PYSEC-2023-163

Produtos afetados

Langchain

Red Os

Numexpr

PT-2023-27040 · Numexpr+2 · Numexpr+2

CVE-2023-39631

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21