CVE-2023-36258

Published: Jul 3, 2023
Updated: Mar 1, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-36258" target="_blank" rel="noopener"> CVE-2023-36258
GHSA: <a href="https://github.com/advisories/GHSA-2qmj-7962-cjq8" target="_blank" rel="noopener"> GHSA-2qmj-7962-cjq8
Severity: Critical
Exploit:

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.

CVSS v3:

No CWE or OWASP classifications available.

Software	From	Fixed in
langchain / langchain	0.0.199	0.0.199.x
langchain	-	0.0.247

Vulnerability Database