Vulnerability Database

296,760

Total vulnerabilities in the database

CVE-2023-32786

In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

Published: Oct 21, 2023
Updated: May 9, 2024
CVE: CVE-2023-32786
GHSA: GHSA-6h8p-4hx9-w66c
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-74
CWE-918

Affected Software
References

Software	From	Fixed in
langchain / langchain	-	0.0.155.x
langchain	-	0.0.329

https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
https://github.com/langchain-ai/langchain/pull/12747
https://github.com/langchain-ai/langchain/releases/tag/v0.0.329

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo