PT-2023-27058 · Langchain · Langchain

Lyutoon · Published 2023-08-15 · Updated 2023-08-22 · CVE-2023-39659

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

langchain langchain-ai versions 0.0.232 and earlier
langchain langchain-ai versions prior to 0.0.325

Description

An issue in langchain langchain-ai allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool.run component.

Recommendations

For versions 0.0.232 and earlier, update to version 0.0.325 or later. For versions prior to 0.0.325, update to version 0.0.325 or later. As a temporary workaround, consider disabling the PythonAstREPLTool.run component until a patch is available.

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2023-39659
GHSA-PRGP-W7VF-CH62
PYSEC-2023-147

Affected Products

Langchain