CVE-2023-34540
Description
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Langchain before v0.0.225 has an RCE vulnerability in the JiraAPIWrapper that allows arbitrary code execution via crafted input.
Vulnerability Description
CVE-2023-34540 is a remote code execution (RCE) vulnerability in Langchain versions prior to v0.0.225, specifically within the JiraAPIWrapper component. The root cause lies in the other() method of the Jira utility (langchain/utilities/jira.py), which previously passed unsanitized query strings to Python's exec() function. Because the tool treated its input as a line of Python code that called functions from the atlassian-python-api Jira client, any Python code passed to the tool was executed as-is [1][4].
Attack Vector and Exploitation
The vulnerability can be exploited by providing a crafted string to the JiraAPIWrapper tool. In vulnerable versions, the other method used exec(f"result = {query}", context) to execute the user-supplied query, allowing an attacker to inject arbitrary Python code. The fix, introduced in release v0.0.225, replaced this dangerous pattern with a safer approach: the input is now parsed as JSON, and only the specified function (from the function key) is called with provided arguments and keyword arguments, eliminating the arbitrary code execution risk [2][4].
Impact and Mitigation
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the privileges of the Langchain application, potentially leading to data theft, system compromise, or lateral movement within the environment. The vulnerability was fixed in Langchain version 0.0.225, released on GitHub on May 25, 2023 [2]. Users are strongly advised to upgrade to at least this version. No workarounds have been publicly documented, but restricting access to the JiraAPIWrapper tool and sanitizing inputs may reduce risk [1].
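The exec-to-JSON-dispatch change described under "Attack Vector and Exploitation", together with the input-restriction advice above, can be shown as a small wrapper of the same shape. The following is an added example, not LangChain's code: it treats the tool input strictly as data, and additionally enforces an explicit allowlist of permitted client method names (a hypothetical policy that is stricter than the v0.0.225 patch, which resolves any supplied name with getattr). FakeJira, SafeJiraWrapper, ALLOWED_FUNCTIONS and try_other are constructed for this example so it runs offline.

```python
"""Added example (not LangChain code): JSON-dispatch replacement for an exec()-based
tool handler, run against a constructed fake Jira client."""
from __future__ import annotations

import json
from typing import Any, Callable


class FakeJira:
    """Constructed stand-in for the atlassian-python-api Jira client (assumption:
    it exposes only the three methods below, plus some private state)."""

    def __init__(self) -> None:
        self._token = "constructed-secret-token"  # private state a wrapper must never hand out

    def projects(self) -> list[dict[str, str]]:
        return [{"key": "TP", "name": "Test Project"}]

    def get_all_users_from_group(self, group: str, limit: int = 50) -> dict[str, Any]:
        return {"group": group, "limit": limit, "users": ["alice", "bob"][:limit]}

    def issue_create(self, fields: dict[str, Any]) -> dict[str, Any]:
        return {"id": "10001", "key": "TP-1", "fields": fields}


# Hypothetical allowlist of client methods the tool may dispatch to. The real patch
# has no such list; adding one closes the "any attribute name" gap left by getattr.
ALLOWED_FUNCTIONS: frozenset[str] = frozenset(
    {"projects", "get_all_users_from_group", "issue_create"}
)


class SafeJiraWrapper:
    """'other' handler in the post-fix style: parse, validate, allowlist, then call."""

    def __init__(self, jira: Any) -> None:
        self.jira = jira

    def other(self, query: str) -> str:
        # 1. The input is data, never code: it is parsed as JSON, not evaluated.
        try:
            params = json.loads(query)
        except json.JSONDecodeError as exc:
            raise ValueError(f"input must be a JSON object, not code: {exc.msg}") from None
        if not isinstance(params, dict):
            raise ValueError("input must be a JSON object")

        # 2. Only allowlisted, public method names may be resolved on the client.
        name = params.get("function")
        if not isinstance(name, str) or name not in ALLOWED_FUNCTIONS:
            raise ValueError(f"function {name!r} is not permitted")

        # 3. Argument containers must have the shapes the call expects.
        args = params.get("args", [])
        kwargs = params.get("kwargs", {})
        if not isinstance(args, list) or not isinstance(kwargs, dict):
            raise ValueError("'args' must be a list and 'kwargs' an object")

        target: Callable[..., Any] = getattr(self.jira, name)
        # 4. Keep the -> str contract the original method signature promises.
        return str(target(*args, **kwargs))


def try_other(wrapper: SafeJiraWrapper, query: str) -> tuple[bool, str]:
    """Run one tool input and report (accepted, result_or_error) for inspection."""
    try:
        return True, wrapper.other(query)
    except (ValueError, TypeError) as exc:
        return False, str(exc)


if __name__ == "__main__":
    w = SafeJiraWrapper(FakeJira())
    for q in [
        '{"function": "projects"}',
        '{"function": "get_all_users_from_group", "args": ["group"], "kwargs": {"limit": 1}}',
        "self.jira.projects()",              # pre-fix input format: a Python expression
        '{"function": "_token"}',            # private attribute, not on the allowlist
        '{"function": "projects", "args": "oops"}',
    ]:
        print(try_other(w, q))
```

The first two inputs mirror the dictionary format the patched prompt documents and are dispatched; the Python-expression form that the pre-fix tool accepted fails JSON parsing and is never evaluated, and a name outside the allowlist is refused before getattr runs, so the wrapper cannot be steered to private state or non-Jira members of the client object.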
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| langchain (PyPI) | < 0.0.225 | 0.0.225 |
Affected products
- Langchain / Langchain
Patches
- a2f191a32229 Replace JIRA Arbitrary Code Execution vulnerability with finer grain API wrapper (#6992)
3 files changed · +35 −8
langchain/tools/jira/prompt.py+5 −4 modified@@ -25,11 +25,12 @@ This tool is a wrapper around atlassian-python-api's Jira API. There are other dedicated tools for fetching all projects, and creating and searching for issues, use this tool if you need to perform any other actions allowed by the atlassian-python-api Jira API. - The input to this tool is line of python code that calls a function from atlassian-python-api's Jira API - For example, to update the summary field of an issue, you would pass in the following string: - self.jira.update_issue_field(key, {{"summary": "New summary"}}) + The input to this tool is a dictionary specifying a function from atlassian-python-api's Jira API, + as well as a list of arguments and dictionary of keyword arguments to pass into the function. + For example, to get all the users in a group, while increasing the max number of results to 100, you would + pass in the following dictionary: {{"function": "get_all_users_from_group", "args": ["group"], "kwargs": {{"limit":100}} }} or to find out how many projects are in the Jira instance, you would pass in the following string: - self.jira.projects() + {{"function": "projects"}} For more information on the Jira API, refer to https://atlassian-python-api.readthedocs.io/jira.html """
langchain/utilities/jira.py+9 −4 modified@@ -188,10 +188,15 @@ def page_create(self, query: str) -> str: return self.confluence.create_page(**dict(params)) def other(self, query: str) -> str: - context = {"self": self} - exec(f"result = {query}", context) - result = context["result"] - return str(result) + try: + import json + except ImportError: + raise ImportError( + "json is not installed. Please install it with `pip install json`" + ) + params = json.loads(query) + jira_function = getattr(self.jira, params["function"]) + return jira_function(*params.get("args", []), **params.get("kwargs", {})) def run(self, mode: str, query: str) -> str: if mode == "jql":
tests/integration_tests/utilities/test_jira_api.py+21 −0 modified@@ -41,3 +41,24 @@ def test_create_confluence_page() -> None: output = jira.run("create_page", create_page_dict) assert "type" in output assert "page" in output + + +def test_other() -> None: + """Non-exhaustive test for accessing other JIRA API methods""" + jira = JiraAPIWrapper() + issue_create_dict = """ + { + "function":"issue_create", + "kwargs": { + "fields": { + "summary": "Test Summary", + "description": "Test Description", + "issuetype": {"name": "Bug"}, + "project": {"key": "TP"} + } + } + } + """ + output = jira.run("other", issue_create_dict) + assert "id" in output + assert "key" in output
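Review bot: in the prompt.py hunk, the retained sentence "or to find out how many projects are in the Jira instance, you would pass in the following string:" still describes the input as a string, while the lines added just above it define the input as a dictionary with "function", "args" and "kwargs" keys; change it to "the following dictionary:" so the tool description is consistent. The new text also never says which function names are valid; since the wrapper resolves whatever name is supplied, stating that only atlassian-python-api Jira methods are accepted would help the model form well-formed calls.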
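Review bot: in the jira.py hunk, `jira_function = getattr(self.jira, params["function"])` resolves any attribute name the caller supplies, with no allowlist and no check that the result is public or callable, so the input still chooses which member of the client object is invoked; add an explicit allowlist of permitted method names (or at minimum reject names starting with `_` and non-callables) before the getattr. Two smaller points in the same hunk: the `try: import json except ImportError` guard is dead code, since json is part of the standard library and `pip install json` is not a valid hint, so a plain module-level `import json` suffices; and the method is annotated `-> str` but now returns the raw call result, where the removed code returned `str(result)`, so wrap the return in `str(...)` to keep the contract that `run` exposes. A malformed JSON input or a missing "function" key also surfaces as an unhandled JSONDecodeError or KeyError rather than a descriptive error.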
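Review bot: in the test_jira_api.py hunk, `test_other` exercises only the accepted-input path; nothing in it checks that the pre-fix input format (a Python expression such as the `self.jira.projects()` string removed from the prompt) is now rejected, which is the property this change exists to guarantee. Add a companion test asserting that `jira.run("other", "self.jira.projects()")` raises (for example with `pytest.raises(json.JSONDecodeError)`) and that an unknown "function" name raises rather than silently succeeding. The test also creates a real issue in project "TP" on every run with no cleanup, so it will accumulate issues in the integration Jira instance.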
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-x32c-59v5-h7fg (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-34540 (ghsa, ADVISORY)
- github.com/hwchase17/langchain/issues/4833 (ghsa, WEB)
- github.com/langchain-ai/langchain/commit/a2f191a32229256dd41deadf97786fe41ce04cbb (ghsa, WEB)
- github.com/langchain-ai/langchain/issues/4833 (ghsa, WEB)
- github.com/langchain-ai/langchain/pull/6992 (ghsa, WEB)
- github.com/langchain-ai/langchain/releases/tag/v0.0.225 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-91.yaml (ghsa, WEB)
News mentions
No linked articles in our index yet.