AI Score
Confidence
Low
EPSS
Percentile
44.2%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by pal_chain/base.py.
[
{
"cpes": [
"cpe:2.3:a:langchain:langchain_experimental:*:*:*:*:*:python:*:*"
],
"vendor": "langchain",
"product": "langchain_experimental",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "0.1.8",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]