—
PYSEC-2023-18
Details
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://twitter.com/rharang/status/1641899743608463365/photo/1 [WEB]
- https://github.com/hwchase17/langchain/pull/1119 [WEB]
- https://github.com/hwchase17/langchain/issues/814 [REPORT]
- https://github.com/hwchase17/langchain/issues/1026 [REPORT]
- https://github.com/advisories/GHSA-fprp-p869-w6q2 [ADVISORY]