Shodan
Vulnerabilities
Vulnerable Software
Langchain:  Security Vulnerabilities
CVE-2023-32786
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-20
CVE-2023-46229
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
CVSS Score
8.8
EPSS Score
0.018
Published
2023-10-19
CVE-2023-44467
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-10-09
CVE-2023-39631
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
CVSS Score
9.8
EPSS Score
0.018
Published
2023-09-01
CVE-2023-36281
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
CVSS Score
9.8
EPSS Score
0.622
Published
2023-08-22
CVE-2023-38896
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
CVSS Score
9.8
EPSS Score
0.011
Published
2023-08-15
CVE-2023-39659
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-08-15
CVE-2023-38860
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
CVSS Score
9.8
EPSS Score
0.018
Published
2023-08-15
CVE-2023-36095
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
CVSS Score
9.8
EPSS Score
0.032
Published
2023-08-05
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
CVSS Score
9.8
EPSS Score
0.112
Published
2023-07-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved