GHSA-prgp-w7vf-ch62

Suggest an improvement
Source
https://github.com/advisories/GHSA-prgp-w7vf-ch62
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-prgp-w7vf-ch62/GHSA-prgp-w7vf-ch62.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-prgp-w7vf-ch62
Aliases
Published
2023-08-15T18:31:32Z
Modified
2024-09-27T21:33:25.955251Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
LangChain vulnerable to arbitrary code execution
Details

An issue in langchain langchain-ai before version 0.0.325 allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.

Database specific 
{
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-15T20:01:29Z",
    "cwe_ids": [
        "CWE-74"
    ],
    "nvd_published_at": "2023-08-15T17:15:12Z",
    "severity": "CRITICAL"
}
References

Affected packages

PyPI / langchain

Package

Name
langchain
View open source insights on deps.dev
Purl
pkg:pypi/langchain

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.0.325

Affected versions

0.*
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.0.10
0.0.11
0.0.12
0.0.13
0.0.14
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.20
0.0.21
0.0.22
0.0.23
0.0.24
0.0.25
0.0.26
0.0.27
0.0.28
0.0.29
0.0.30
0.0.31
0.0.32
0.0.33
0.0.34
0.0.35
0.0.36
0.0.37
0.0.38
0.0.39
0.0.40
0.0.41
0.0.42
0.0.43
0.0.44
0.0.45
0.0.46
0.0.47
0.0.48
0.0.49
0.0.50
0.0.51
0.0.52
0.0.53
0.0.54
0.0.55
0.0.56
0.0.57
0.0.58
0.0.59
0.0.60
0.0.61
0.0.63
0.0.64
0.0.65
0.0.66
0.0.67
0.0.68
0.0.69
0.0.70
0.0.71
0.0.72
0.0.73
0.0.74
0.0.75
0.0.76
0.0.77
0.0.78
0.0.79
0.0.80
0.0.81
0.0.82
0.0.83
0.0.84
0.0.85
0.0.86
0.0.87
0.0.88
0.0.89
0.0.90
0.0.91
0.0.92
0.0.93
0.0.94
0.0.95
0.0.96
0.0.97
0.0.98
0.0.99rc0
0.0.99
0.0.100
0.0.101rc0
0.0.101
0.0.102rc0
0.0.102
0.0.103
0.0.104
0.0.105
0.0.106
0.0.107
0.0.108
0.0.109
0.0.110
0.0.111
0.0.112
0.0.113
0.0.114
0.0.115
0.0.116
0.0.117
0.0.118
0.0.119
0.0.120
0.0.121
0.0.122
0.0.123
0.0.124
0.0.125
0.0.126
0.0.127
0.0.128
0.0.129
0.0.130
0.0.131
0.0.132
0.0.133
0.0.134
0.0.135
0.0.136
0.0.137
0.0.138
0.0.139
0.0.140
0.0.141
0.0.142
0.0.143
0.0.144
0.0.145
0.0.146
0.0.147
0.0.148
0.0.149
0.0.150
0.0.151
0.0.152
0.0.153
0.0.154
0.0.155
0.0.156
0.0.157
0.0.158
0.0.159
0.0.160
0.0.161
0.0.162
0.0.163
0.0.164
0.0.165
0.0.166
0.0.167
0.0.168
0.0.169
0.0.170
0.0.171
0.0.172
0.0.173
0.0.174
0.0.175
0.0.176
0.0.177
0.0.178
0.0.179
0.0.180
0.0.181
0.0.182
0.0.183
0.0.184
0.0.185
0.0.186
0.0.187
0.0.188
0.0.189
0.0.190
0.0.191
0.0.192
0.0.193
0.0.194
0.0.195
0.0.196
0.0.197
0.0.198
0.0.199
0.0.200
0.0.201
0.0.202
0.0.203
0.0.204
0.0.205
0.0.206
0.0.207
0.0.208
0.0.209
0.0.210
0.0.211
0.0.212
0.0.213
0.0.214
0.0.215
0.0.216
0.0.217
0.0.218
0.0.219
0.0.220
0.0.221
0.0.222
0.0.223
0.0.224
0.0.225
0.0.226
0.0.227
0.0.228
0.0.229
0.0.230
0.0.231
0.0.232
0.0.233
0.0.234
0.0.235
0.0.236
0.0.237
0.0.238
0.0.239
0.0.240rc0
0.0.240rc1
0.0.240rc4
0.0.240
0.0.242
0.0.243
0.0.244
0.0.245
0.0.246
0.0.247
0.0.248
0.0.249
0.0.250
0.0.251
0.0.252
0.0.253
0.0.254
0.0.255
0.0.256
0.0.257
0.0.258
0.0.259
0.0.260
0.0.261
0.0.262
0.0.263
0.0.264
0.0.265
0.0.266
0.0.267
0.0.268
0.0.269
0.0.270
0.0.271
0.0.272
0.0.273
0.0.274
0.0.275
0.0.276
0.0.277
0.0.278
0.0.279
0.0.281
0.0.283
0.0.284
0.0.285
0.0.286
0.0.287
0.0.288
0.0.289
0.0.290
0.0.291
0.0.292
0.0.293
0.0.294
0.0.295
0.0.296
0.0.297
0.0.298
0.0.299
0.0.300
0.0.301
0.0.302
0.0.303
0.0.304
0.0.305
0.0.306
0.0.307
0.0.308
0.0.309
0.0.310
0.0.311
0.0.312
0.0.313
0.0.314
0.0.315
0.0.316
0.0.317
0.0.318
0.0.319
0.0.320
0.0.321
0.0.322
0.0.323
0.0.324

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-prgp-w7vf-ch62/GHSA-prgp-w7vf-ch62.json"