Langroid · Langroid · CVE-2026-25481
**Name of the Vulnerable Software and Affected Versions**
Langroid versions prior to 0.59.32
**Description**
Langroid is a framework for building applications powered by large language models. A weakness exists in the TableChatAgent component where the Web Application Firewall (WAF) can be bypassed. The bypass is due to a flaw in the `_literal_ok()` function, which incorrectly returns False instead of raising an error when it encounters invalid input. Combined with unrestricted access to dangerous dunder attributes such as `__init__`, `__globals__`, and `__builtins__`, this allows attackers to chain whitelisted DataFrame methods to reach the `eval` builtin and ultimately execute arbitrary code. The issue allows for Remote Code Execution (RCE).
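The two conditions described above (a literal check that returns False instead of raising, and no restriction on dunder attributes) can be illustrated with a small AST validator. This is an added example, not Langroid's code: the names `literal_ok`, `check`, `is_allowed` and the allowlist are hypothetical, and `hardened=False` reproduces the fail-open pattern for comparison with the fail-closed one.

```python
import ast

class UnsafeExpression(ValueError):
    """The expression falls outside the allowed subset."""

ALLOWED_METHODS = {"head", "tail", "sum", "mean"}  # constructed allowlist

def literal_ok(node, fail_closed):
    """Check that a call argument is a plain literal."""
    if isinstance(node, ast.Constant):
        return True
    if isinstance(node, (ast.List, ast.Tuple)):
        return all(literal_ok(e, fail_closed) for e in node.elts)
    if fail_closed:
        raise UnsafeExpression(f"non-literal argument: {ast.unparse(node)}")
    return False  # fail-open: only safe if every caller checks the result

def check(node, hardened):
    """Walk the expression; anything not explicitly allowed raises."""
    if isinstance(node, ast.Name):
        if node.id != "df":
            raise UnsafeExpression(f"unknown name: {node.id}")
    elif isinstance(node, ast.Attribute):
        if hardened and node.attr.startswith("_"):
            raise UnsafeExpression(f"private/dunder attribute: {node.attr}")
        check(node.value, hardened)
    elif isinstance(node, ast.Call):
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr in ALLOWED_METHODS):
            raise UnsafeExpression("call to a method outside the allowlist")
        for arg in [*node.args, *(kw.value for kw in node.keywords)]:
            # Return value deliberately not inspected: with fail_closed=False
            # a non-literal argument slips through unexamined.
            literal_ok(arg, fail_closed=hardened)
        check(func.value, hardened)
    else:
        raise UnsafeExpression(f"unsupported syntax: {type(node).__name__}")

def is_allowed(expr, hardened=True):
    """Return True if expr passes validation. The expression is never evaluated."""
    try:
        check(ast.parse(expr, mode="eval").body, hardened)
        return True
    except (UnsafeExpression, SyntaxError):
        return False
```
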
**Recommendations**
Update to version 0.59.32 or later.
Review deployments for potential exposure.