Critical severity · NVD Advisory · Published Oct 9, 2023 · Updated Aug 2, 2024
CVE-2023-44467
Description
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| langchain-experimental (PyPI) | <= 0.0.14 | — |
References
- github.com/advisories/GHSA-gjjr-63x4-v8cq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-44467 (ghsa, ADVISORY)
- github.com/langchain-ai/langchain/commit/4c97a10bd0d9385cfee234a63b5bd826a295e483 (ghsa, WEB)
- github.com/langchain-ai/langchain/pull/11233 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/langchain-experimental/PYSEC-2023-194.yaml (ghsa, WEB)
- pypi.org/project/langchain-experimental/0.0.14 (ghsa, WEB)