LangChain vulnerable to code injection

GHSA-fprp-p869-w6q2 · CVE-2023-29374 · PYSEC-2023-18

Published Apr 5, 2023 · Modified Feb 12, 2025

Description

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec() method.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-29374
WEB https://github.com/hwchase17/langchain/issues/1026
WEB https://github.com/hwchase17/langchain/issues/814
WEB https://github.com/hwchase17/langchain/pull/1119
PACKAGE https://github.com/langchain-ai/langchain
WEB https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-18.yaml
WEB https://twitter.com/rharang/status/1641899743608463365/photo/1

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes