CVE-2023-34540

Name of the Vulnerable Software and Affected Versions Langchain versions prior to 0.0.225

Description The issue allows attackers to execute arbitrary code via crafted input, specifically through the JiraAPIWrapper component. This enables the execution of arbitrary code, potentially leading to remote code execution (RCE). The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 0.0.225, update to version 0.0.225 or later to resolve the issue. As a temporary workaround, consider restricting the use of the JiraAPIWrapper component until a patch is applied. Avoid using crafted input that could trigger the arbitrary code execution via the jira.run() function until the issue is resolved.