CVE-2023-29374

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-29374

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29374.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-29374

Aliases

Published

2023-04-05T02:15:37.340Z

Modified

2026-03-17T07:07:28.182672Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.

References

Affected packages

Git / github.com/hwchase17/langchain

Affected ranges

Type

GIT

Repo

https://github.com/hwchase17/langchain

Events

Introduced

Last affected

c7b083ab56a407a6d8eaa209d35faac6e7d0b776

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.0.131"
        }
    ]
}

Affected versions

v0.*

v0.0.100

v0.0.101

v0.0.102

v0.0.103

v0.0.104

v0.0.105

v0.0.106

v0.0.107

v0.0.108

v0.0.109

v0.0.110

v0.0.111

v0.0.112

v0.0.113

v0.0.114

v0.0.115

v0.0.116

v0.0.117

v0.0.118

v0.0.119

v0.0.120

v0.0.121

v0.0.122

v0.0.123

v0.0.124

v0.0.125

v0.0.126

v0.0.127

v0.0.128

v0.0.129

v0.0.130

v0.0.131

v0.0.64

v0.0.65

v0.0.66

v0.0.67

v0.0.68

v0.0.69

v0.0.70

v0.0.71

v0.0.72

v0.0.73

v0.0.74

v0.0.75

v0.0.76

v0.0.77

v0.0.78

v0.0.79

v0.0.80

v0.0.81

v0.0.82

v0.0.83

v0.0.84

v0.0.85

v0.0.86

v0.0.87

v0.0.88

v0.0.89

v0.0.90

v0.0.91

v0.0.92

v0.0.93

v0.0.94

v0.0.95

v0.0.96

v0.0.97

v0.0.98

v0.0.99

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29374.json"