Lucene search
Veracode Vulnerability DatabaseVERACODE:43747HistoryOct 11, 2023 - 6:12 a.m.
Code Injection
2023-10-1106:12:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
vulnerability
langchain
prompt santization
bypasses cve-2023-36258
software
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
71.7%
langchain is vulnerable to Code Injection. The vulnerability is due to improper prompt santization in the PALChain. This vulnerability bypasses CVE-2023-36258
Related
osv
osv
CVE-2023-44467
2023-10-09 20:15:10
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
2023-10-09 21:30:27
PYSEC-2023-194
2023-10-09 20:15:00
nvd
nvd
cvelist
cvelist
cve
cve
nessus
nessus
LangChain Experimental Python Library <= 0.0.14 (CVE-2023-44467)
2024-09-11 00:00:00
prion
prion
Design/Logic Flaw
2023-10-09 20:15:00
Code injection
2023-07-03 21:15:00
Authentication flaw
2024-02-26 16:28:00
github
github
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
2023-10-09 21:30:27
langchain arbitrary code execution vulnerability
2023-07-03 21:30:57
LangChain Experimental vulnerable to arbitrary code execution
2024-02-26 18:30:31
veracode
veracode
Remote Code Execution (RCE)
2023-07-11 01:25:11
vulnrichment
vulnrichment
CVE-2024-27444
2024-02-26 00:00:00
thn
thn
Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms
2024-08-26 10:31:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
71.7%
Related for VERACODE:43747