Vulnerability Details CVE-2023-36281
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.571
EPSS Ranking 98.0%
CVSS Severity
CVSS v3 Score 9.8
References
- https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55
- https://github.com/hwchase17/langchain/issues/4394
- https://github.com/langchain-ai/langchain/releases/tag/v0.0.312
- https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55
- https://github.com/hwchase17/langchain/issues/4394
- https://github.com/langchain-ai/langchain/releases/tag/v0.0.312