Shodan
Vulnerabilities
Vulnerable Software
Langchain:  >> Langchain  Security Vulnerabilities
CVE-2023-36281
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
CVSS Score
9.8
EPSS Score
0.571
Published
2023-08-22
CVE-2023-38896
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-08-15
CVE-2023-39659
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
CVSS Score
9.8
EPSS Score
0.012
Published
2023-08-15
CVE-2023-38860
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
CVSS Score
9.8
EPSS Score
0.014
Published
2023-08-15
CVE-2023-36095
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
CVSS Score
9.8
EPSS Score
0.017
Published
2023-08-05
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
CVSS Score
9.8
EPSS Score
0.021
Published
2023-07-06
CVE-2023-36189
SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-06
CVE-2023-36258
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-07-03
CVE-2023-34541
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-20
CVE-2023-34540
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.
CVSS Score
9.8
EPSS Score
0.013
Published
2023-06-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved