CVE-2023-36188.yaml
info:
  name: langchain
  cve: CVE-2023-36188
  summary: Arbitrary code execution vulnerability in langchain
  details: An issue in langchain allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
  cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  severity: CRITICAL
  security_advise: Upgrade to langchain >= "0.0.236" to fix this vulnerability.
rule: version < "0.0.236"
references:
 - https://nvd.nist.gov/vuln/detail/CVE-2023-36188
 - https://github.com/langchain-ai/langchain/issues/5872
 - https://github.com/langchain-ai/langchain/pull/6003
 - https://github.com/langchain-ai/langchain/pull/8425
 - https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
 - https://github.com/langchain-ai/langchain
 - https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-109.yaml