Langchain: >> Langchain Security Vulnerabilities
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
CVSS Score
9.8
EPSS Score
0.031
Published
2023-08-05
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
CVSS Score
9.8
EPSS Score
0.066
Published
2023-07-06
SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-07-06
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.
CVSS Score
9.8
EPSS Score
0.006
Published
2023-07-03
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-06-20
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.
CVSS Score
9.8
EPSS Score
0.019
Published
2023-06-14
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
CVSS Score
9.8
EPSS Score
0.038
Published
2023-04-05
Page 3