Vulnerabilities > CVE-2023-44467 - Unspecified vulnerability in Langchain Experimental 0.0.14

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

langchain

critical

NVD

Published: 2023-10-09

Updated: 2024-02-26

Summary

langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.

Vulnerable Configurations

Part	Description	Count
Application	Langchain Langchain Langchain Experimental 0.0.14	1

References

https://github.com/langchain-ai/langchain/commit/4c97a10bd0d9385cfee234a63b5bd826a295e483