Lucene search
GoogleOSV:CVE-2023-44467HistoryOct 09, 2023 - 8:15 p.m.
CVE-2023-44467
2023-10-0920:15:10
Google
osv.dev
7
langchain
vulnerability
code execution
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.003
Percentile
71.7%
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by pal_chain/base.py.
Related
nvd
nvd
osv
osv
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
2023-10-09 21:30:27
PYSEC-2023-194
2023-10-09 20:15:00
PYSEC-2023-98
2023-07-03 21:15:00
cvelist
cvelist
cve
cve
nessus
nessus
LangChain Experimental Python Library <= 0.0.14 (CVE-2023-44467)
2024-09-11 00:00:00
veracode
veracode
Code Injection
2023-10-11 06:12:48
Remote Code Execution (RCE)
2023-07-11 01:25:11
prion
prion
Design/Logic Flaw
2023-10-09 20:15:00
Code injection
2023-07-03 21:15:00
Authentication flaw
2024-02-26 16:28:00
github
github
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
2023-10-09 21:30:27
langchain arbitrary code execution vulnerability
2023-07-03 21:30:57
LangChain Experimental vulnerable to arbitrary code execution
2024-02-26 18:30:31
vulnrichment
vulnrichment
CVE-2024-27444
2024-02-26 00:00:00
thn
thn
Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms
2024-08-26 10:31:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.003
Percentile
71.7%
Related for OSV:CVE-2023-44467