HIGH 7.5 PyPI
langchain SQL Injection vulnerability
GHSA-7q94-qpjr-xpgm · CVE-2023-36189 · PYSEC-2023-110
Published · Modified
Description
SQL injection vulnerability in langchain allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-36189
- WEB https://github.com/hwchase17/langchain/issues/5923
- WEB https://github.com/langchain-ai/langchain/issues/5923
- WEB https://github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841
- WEB https://github.com/hwchase17/langchain/pull/6051
- WEB https://github.com/langchain-ai/langchain/pull/8425
- WEB https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
- WEB https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f
- PACKAGE https://github.com/langchain-ai/langchain
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-110.yaml