CVE Vulnerabilities

CVE-2023-44467

Published: Oct 09, 2023 | Modified: Feb 26, 2024

CVSS 3.x

9.8

CRITICAL

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-44467
CWE	https://cwe.mitre.org/data/definitions/.html

langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by pal_chain/base.py.

Affected Software

Name	Vendor	Start Version	End Version
Langchain_experimental	Langchain	0.0.14 (including)	0.0.14 (including)

References

https://github.com/langchain-ai/langchain/commit/4c97a10bd0d9385cfee234a63b5bd826a295e483

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.