Log in Sign up KO

CRITICAL 9.8

PYSEC-2023-151

Details

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / langchain

Introduced in: 0 Fixed in: 0.0.171

Fix pip install --upgrade 'langchain>=0.0.171'

References

https://github.com/hwchase17/langchain/issues/4394 [EVIDENCE]
https://github.com/hwchase17/langchain/issues/4394 [REPORT]
https://github.com/hwchase17/langchain/issues/4394 [ADVISORY]
https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55 [EVIDENCE]
https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55 [WEB]
https://github.com/advisories/GHSA-7gfq-f96f-g85j [ADVISORY]