PyPi: Langchain-Experimental

CVE-2024-38459

Safety vulnerability ID: 71652

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 16, 2024 Updated at Nov 02, 2024

Scan your Python projects for vulnerabilities →

Advisory

Langchain-experimental (aka LangChain Experimental) before 0.0.61 provides Python REPL access without an opt-in step.
NOTE: This issue exists because of an incomplete fix for CVE-2024-27444.

Affected package

langchain-experimental

Latest version: 0.3.3

Building applications with LLMs through composability

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-wmvm-9vqv-5qpp
https://github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38459
https://inspector.pypi.io/project/langchain-experimental/0.0.61/packages/02/1e/437941420dbf5230344da376961ad4497ae91bea1f7ce46ee389310529e3/langchain_experimental-0.0.61.tar.gz/langchain_experimental-0.0.61/langchain_experimental/pal_chain/base.py#line.20

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application