GHSA-wmvm-9vqv-5qpp

Source

https://github.com/advisories/GHSA-wmvm-9vqv-5qpp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-wmvm-9vqv-5qpp/GHSA-wmvm-9vqv-5qpp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wmvm-9vqv-5qpp

Aliases

Published

2024-06-16T15:30:44Z

Modified

2024-07-05T22:04:11.161311Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

langchain_experimental Code Execution via Python REPL access

Details

langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.

Database specific

{
    "github_reviewed_at": "2024-06-17T21:21:47Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-276"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2024-06-16T15:15:51Z"
}

References

Affected packages

PyPI / langchain-experimental

Package

Name: langchain-experimental; View open source insights on deps.dev
Purl: pkg:pypi/langchain-experimental

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.61

Affected versions

0.*

0.0.1rc1

0.0.1rc2

0.0.1rc3

0.0.1rc4

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.0.10

0.0.11

0.0.12

0.0.13

0.0.14

0.0.15

0.0.16

0.0.17

0.0.18

0.0.19

0.0.20

0.0.21

0.0.22

0.0.23

0.0.24

0.0.25

0.0.27

0.0.28

0.0.29

0.0.30

0.0.31

0.0.32

0.0.33

0.0.34

0.0.35

0.0.36

0.0.37

0.0.38

0.0.39

0.0.40

0.0.41

0.0.42

0.0.43

0.0.44

0.0.45

0.0.46

0.0.47

0.0.48

0.0.49

0.0.50

0.0.51

0.0.52

0.0.53

0.0.54

0.0.55

0.0.56

0.0.57

0.0.58

0.0.59

0.0.60