CVE-2023-36258

Source
https://cve.org/CVERecord?id=CVE-2023-36258
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36258.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-36258
Aliases
Published
2023-07-03T00:00:00Z
Modified
2026-07-08T07:34:28.137377974Z
Summary
[none]
Details

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36258.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/langchain-ai/langchain

Affected ranges

Type
GIT
Repo
https://github.com/langchain-ai/langchain
Events
Database specific
{
    "cpe": "cpe:2.3:a:langchain:langchain:0.0.199:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.0.236"
        },
        {
            "introduced": "0.0.199"
        },
        {
            "last_affected": "0.0.199"
        }
    ],
    "source": [
        "DESCRIPTION",
        "CPE_STRING"
    ]
}

Affected versions

0.*
0.0.199
v0.*
v0.0.199
v0.0.200
v0.0.201
v0.0.202
v0.0.204
v0.0.205
v0.0.206
v0.0.207
v0.0.208
v0.0.209
v0.0.210
v0.0.211
v0.0.212
v0.0.213
v0.0.214
v0.0.215
v0.0.216
v0.0.217
v0.0.218
v0.0.219
v0.0.220
v0.0.221
v0.0.222
v0.0.223
v0.0.224
v0.0.225
v0.0.226
v0.0.227
v0.0.228
v0.0.229
v0.0.230
v0.0.231
v0.0.232
v0.0.233
v0.0.234
v0.0.235

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36258.json"