PyPi: Langchain-Experimental

CVE-2024-27444

Safety vulnerability ID: 68479

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 26, 2024 Updated at Nov 02, 2024

Scan your Python projects for vulnerabilities →

Advisory

Langchain-experimental (aka LangChain Experimental) allows attackers to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by pal_chain/base.py.

Affected package

langchain-experimental

Latest version: 0.3.3

Building applications with LLMs through composability

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-v8vj-cv27-hjv8
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27444
https://inspector.pypi.io/project/langchain-experimental/0.0.52/packages/3c/6d/8d46508fd8b9935a29e31158908608ae68afef4a97af025965bb476a593f/langchain_experimental-0.0.52.tar.gz/langchain_experimental-0.0.52/langchain_experimental/pal_chain/base.py#line.24

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application