CVE-2023-38896

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Harrison Chase langchain versions 0.0.194 and before Harrison Chase langchain versions prior to 0.0.236

Description An issue in Harrison Chase langchain allows a remote attacker to execute arbitrary code via the from math prompt and from colored object prompt functions.

Recommendations For versions 0.0.194 and before, update to version 0.0.236 or later to resolve the issue. As a temporary workaround, consider disabling the from math prompt and from colored object prompt functions until a patch is available.

Exploit

Fix

Special Elements Injection

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-94

Related Identifiers

CVE-2023-38896

GHSA-92J5-3459-QGP4

PYSEC-2023-146

Affected Products

Langchain

CVE-2023-38896

Weakness Enumeration

Related Identifiers

Affected Products

References · 14