GHSA-fprp-p869-w6q2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fprp-p869-w6q2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-fprp-p869-w6q2/GHSA-fprp-p869-w6q2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fprp-p869-w6q2
- Aliases
- Published
- 2023-04-05T03:30:17Z
- Modified
- 2024-09-30T16:26:36.165063Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- LangChain vulnerable to code injection
- Details
-
In LangChain through 0.0.131, the
LLMMathChainchain allows prompt injection attacks that can execute arbitrary code via the Pythonexec()method. - Database specific
{ "nvd_published_at": "2023-04-05T02:15:00Z", "cwe_ids": [ "CWE-74", "CWE-94" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-04-05T19:39:41Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-29374
- https://github.com/hwchase17/langchain/issues/1026
- https://github.com/hwchase17/langchain/issues/814
- https://github.com/hwchase17/langchain/pull/1119
- https://github.com/langchain-ai/langchain
- https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-18.yaml
- https://twitter.com/rharang/status/1641899743608463365/photo/1
Affected packages
PyPI / langchain
Package
- Name
- langchain
- View open source insights on deps.dev
- Purl
- pkg:pypi/langchain
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.0.131
Affected versions
0.*
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.0.10
0.0.11
0.0.12
0.0.13
0.0.14
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.20
0.0.21
0.0.22
0.0.23
0.0.24
0.0.25
0.0.26
0.0.27
0.0.28
0.0.29
0.0.30
0.0.31
0.0.32
0.0.33
0.0.34
0.0.35
0.0.36
0.0.37
0.0.38
0.0.39
0.0.40
0.0.41
0.0.42
0.0.43
0.0.44
0.0.45
0.0.46
0.0.47
0.0.48
0.0.49
0.0.50
0.0.51
0.0.52
0.0.53
0.0.54
0.0.55
0.0.56
0.0.57
0.0.58
0.0.59
0.0.60
0.0.61
0.0.63
0.0.64
0.0.65
0.0.66
0.0.67
0.0.68
0.0.69
0.0.70
0.0.71
0.0.72
0.0.73
0.0.74
0.0.75
0.0.76
0.0.77
0.0.78
0.0.79
0.0.80
0.0.81
0.0.82
0.0.83
0.0.84
0.0.85
0.0.86
0.0.87
0.0.88
0.0.89
0.0.90
0.0.91
0.0.92
0.0.93
0.0.94
0.0.95
0.0.96
0.0.97
0.0.98
0.0.99rc0
0.0.99
0.0.100
0.0.101rc0
0.0.101
0.0.102rc0
0.0.102
0.0.103
0.0.104
0.0.105
0.0.106
0.0.107
0.0.108
0.0.109
0.0.110
0.0.111
0.0.112
0.0.113
0.0.114
0.0.115
0.0.116
0.0.117
0.0.118
0.0.119
0.0.120
0.0.121
0.0.122
0.0.123
0.0.124
0.0.125
0.0.126
0.0.127
0.0.128
0.0.129
0.0.130
0.0.131