Langchain: Security Vulnerabilities
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2023-10-19
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-10-09
An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
CVSS Score: 9.8 | EPSS Score: 0.011 | Published: 2023-09-01
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
CVSS Score: 9.8 | EPSS Score: 0.571 | Published: 2023-08-22
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2023-08-15
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2023-08-15
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
CVSS Score: 9.8 | EPSS Score: 0.014 | Published: 2023-08-15
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the Python exec calls in the PALChain; affected functions include from_math_prompt and from_colored_object_prompt.
CVSS Score: 9.8 | EPSS Score: 0.017 | Published: 2023-08-05
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
CVSS Score: 9.8 | EPSS Score: 0.021 | Published: 2023-07-06
SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-07-06

