Описание
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by pal_chain/base.py.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:langchain:langchain_experimental:0.0.14:*:*:*:*:python:*:*
EPSS
Процентиль: 31%
0.00115
Низкий
9.8 Critical
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 9.8
github
больше 2 лет назад
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
EPSS
Процентиль: 31%
0.00115
Низкий
9.8 Critical
CVSS3
Дефекты
NVD-CWE-noinfo