langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
References
Link | Resource |
---|---|
https://github.com/langchain-ai/langchain/commit/4c97a10bd0d9385cfee234a63b5bd826a295e483 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-09T00:00:00
Updated: 2024-02-26T04:13:04.070412
Reserved: 2023-09-29T00:00:00
Link: CVE-2023-44467
JSON object: View
NVD Information
Status : Modified
Published: 2023-10-09T20:15:10.480
Modified: 2024-02-26T16:27:47.113
Link: CVE-2023-44467
JSON object: View
Redhat Information
No data.
CWE