CVE-2023-36258

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.
References
Link Resource
https://github.com/hwchase17/langchain/issues/5872 Exploit Issue Tracking Mitigation
https://github.com/hwchase17/langchain/issues/5872 Exploit Issue Tracking Mitigation
Configurations

Configuration 1 (hide)

cpe:2.3:a:langchain:langchain:0.0.199:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-03 21:15

Updated : 2024-11-22 17:15


NVD link : CVE-2023-36258

Mitre link : CVE-2023-36258

CVE.ORG link : CVE-2023-36258


JSON object : View

Products Affected

langchain

  • langchain
CWE
NVD-CWE-noinfo CWE-94

Improper Control of Generation of Code ('Code Injection')