CVE-2023-38860

描述

An issue in LangChain prior to v.0.0.247 allows a remote attacker to execute arbitrary code via the prompt parameter.

受影響套件(2)

• PyPI/langchainfrom 0, < 0.0.247
• PyPI/langchainfrom 0, < 0.0.247

CVSS 分數

參考連結(9)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-38860
• PATCHhttps://github.com/hwchase17/langchain
• WEBhttps://github.com/hwchase17/langchain/issues/7641
• WEBhttps://github.com/langchain-ai/langchain/commit/d353d668e4b0514122a443cef91de7f76fea4245
• WEBhttps://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
• WEBhttps://github.com/langchain-ai/langchain/issues/7641
• WEBhttps://github.com/langchain-ai/langchain/pull/8092
• WEBhttps://github.com/langchain-ai/langchain/pull/8425
• WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-145.yaml