PYSEC-2023-194
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/langchain-experimental/PYSEC-2023-194.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2023-194
- Aliases
- Published
- 2023-10-09T20:15:00Z
- Modified
- 2024-09-26T21:33:29.480277Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.
- References
Affected packages
PyPI / langchain-experimental
Package
- Name
- langchain-experimental
- View open source insights on deps.dev
- Purl
- pkg:pypi/langchain-experimental
Affected ranges
- Type
- GIT
- Repo
- https://github.com/langchain-ai/langchain
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.0.1rc1
0.0.1rc2
0.0.1rc3
0.0.1rc4
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.0.10
0.0.11
0.0.12
0.0.13
0.0.14
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.20
0.0.21
0.0.22
0.0.23
0.0.24
0.0.25
0.0.27
0.0.28
0.0.29
0.0.30
0.0.31
0.0.32
0.0.33
0.0.34
0.0.35
0.0.36
0.0.37
0.0.38
0.0.39
0.0.40
0.0.41
0.0.42
0.0.43
0.0.44
0.0.45
0.0.46
0.0.47
0.0.48
0.0.49
0.0.50
0.0.51
0.0.52
0.0.53
0.0.54
0.0.55
0.0.56
0.0.57
0.0.58
0.0.59
0.0.60
0.0.61
0.0.62
0.0.63
0.0.64
0.0.65
0.3.0.dev1
0.3.0
0.3.1
0.3.1.post1
0.3.2