PYSEC-2023-194

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/langchain-experimental/PYSEC-2023-194.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2023-194
Aliases
Published
2023-10-09T20:15:00Z
Modified
2024-06-25T22:21:09.642223Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.

References

Affected packages

PyPI / langchain-experimental

Package

Name
langchain-experimental
View open source insights on deps.dev
Purl
pkg:pypi/langchain-experimental

Affected ranges

Type
GIT
Repo
https://github.com/langchain-ai/langchain
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.1rc1
0.0.1rc2
0.0.1rc3
0.0.1rc4
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.0.10
0.0.11
0.0.12
0.0.13
0.0.14
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.20
0.0.21
0.0.22
0.0.23
0.0.24
0.0.25
0.0.27
0.0.28
0.0.29
0.0.30
0.0.31
0.0.32
0.0.33
0.0.34
0.0.35
0.0.36
0.0.37
0.0.38
0.0.39
0.0.40
0.0.41
0.0.42
0.0.43
0.0.44
0.0.45
0.0.46
0.0.47
0.0.48
0.0.49
0.0.50
0.0.51
0.0.52
0.0.53
0.0.54
0.0.55
0.0.56
0.0.57
0.0.58
0.0.59
0.0.60
0.0.61
0.0.62