CVE-2023-34541 : Langchain 0.0.171 is vulnerable to Arbitrary code execution in load

Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.

Published 2023-06-20 15:15:12

Updated 2024-12-09 22:15:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2023-34541

Langchain » Langchain » Version: 0.0.171
cpe:2.3:a:langchain:langchain:0.0.171:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 32 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-12-09
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

https://github.com/hwchase17/langchain/issues/4849

Arbitrary code execution in load_prompt · Issue #4849 · hwchase17/langchain · GitHub
Exploit;Issue Tracking

Jump to