Vulnerabilities > CVE-2023-34540 - Unspecified vulnerability in Langchain 0.0.171
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://github.com/hwchase17/langchain/issues/4833
- https://github.com/langchain-ai/langchain/pull/6992
- https://github.com/langchain-ai/langchain/releases/tag/v0.0.225
- https://github.com/hwchase17/langchain/issues/4833
- https://github.com/langchain-ai/langchain/releases/tag/v0.0.225
- https://github.com/langchain-ai/langchain/pull/6992