Critical severityNVD Advisory· Published Apr 5, 2023· Updated Feb 12, 2025
CVE-2023-29374
CVE-2023-29374
Description
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
langchainPyPI | <= 0.0.131 | — |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-fprp-p869-w6q2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-29374ghsaADVISORY
- github.com/hwchase17/langchain/issues/1026ghsaWEB
- github.com/hwchase17/langchain/issues/814ghsaWEB
- github.com/hwchase17/langchain/pull/1119ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-18.yamlghsaWEB
- twitter.com/rharang/status/1641899743608463365/photo/1ghsaWEB
News mentions
0No linked articles in our index yet.