PYSEC-2023-163
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/numexpr/PYSEC-2023-163.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2023-163
- Aliases
- Published
- 2023-09-01T16:15:00Z
- Modified
- 2023-11-08T04:13:15.129905Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
- References
Affected packages
PyPI / numexpr
Package
- Name
- numexpr
- View open source insights on deps.dev
- Purl
- pkg:pypi/numexpr
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.1.1
1.2
1.3
1.3.1
1.4
1.4.1
1.4.2
2.*
2.0
2.0.1
2.1
2.2
2.2.1
2.2.2
2.3-rc1
2.3
2.3.1
2.4-rc1
2.4-rc2
2.4
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.5
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6.dev0
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.1
2.7.2
2.7.3
2.8.0
2.8.1
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7