CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32786
https://notcve.org/view.php?id=CVE-2023-32786
20 Oct 2023 — In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. En Langchain hasta 0.0.155, la inyección rápida permite a un atacante forzar al servicio a recuperar datos de una URL arbitraria, esencialmente proporcionando SSRF y potencialmente inyectando contenido en tareas posteriores. • https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46229
https://notcve.org/view.php?id=CVE-2023-46229
19 Oct 2023 — LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. LangChain anterior a 0.0.317 permite SSRF a través de document_loaders/recursive_url_loader.py porque el rastreo puede proceder desde un servidor externo a un servidor interno. • https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39659
https://notcve.org/view.php?id=CVE-2023-39659
15 Aug 2023 — An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. Un problema en langchain langchain-ai v.0.0.232 y anteriores permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado en el componente PythonAstREPLTool._run. • https://github.com/langchain-ai/langchain/issues/7700 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38896
https://notcve.org/view.php?id=CVE-2023-38896
15 Aug 2023 — An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. Un problema en langchain v.0.0.194 de Harrison Chase y anteriores permite a un atacante remoto ejecutar código arbitrario a través de las funciones from_math_prompt y from_colored_object_prompt. • https://github.com/hwchase17/langchain/issues/5872 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36189
https://notcve.org/view.php?id=CVE-2023-36189
06 Jul 2023 — SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. • https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36188
https://notcve.org/view.php?id=CVE-2023-36188
06 Jul 2023 — An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. • https://github.com/hwchase17/langchain/issues/5872 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-29374
https://notcve.org/view.php?id=CVE-2023-29374
05 Apr 2023 — In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. • https://github.com/hwchase17/langchain/issues/1026 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •