PT-2023-4194 · Langchain · Langchain

Asimjalis · Published 2023-06-06 · Updated 2024-10-15 · CVE-2023-36189

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.0.247

Description: The issue is related to a SQL injection vulnerability that allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. This vulnerability is due to the lack of protection measures for the SQL query structure, which can be exploited by an attacker to gain unauthorized access to protected information.

Recommendations: For versions prior to 0.0.247, update to version 0.0.247 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQLDatabaseChain component to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related identifiers

BDU:2023-04509
CVE-2023-36189
GHSA-7Q94-QPJR-XPGM
PYSEC-2023-110

Affected products

Langchain