 1  info:
 2    name: langchain
 3    cve: CVE-2023-36188
 4    summary: langchain vulnerable to arbitrary code execution
 5    details: |
 6      PALChain (program-aided language chain) hands LLM-generated Python code to Python's `exec`, so an attacker who can influence the chain's input (for example through prompt injection, since the model output is not sandboxed before execution) can achieve arbitrary code execution with the privileges of the process running langchain. NVD describes this as a remote attacker executing arbitrary code via the PALChain parameter in the Python exec method.
 7    cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 8    severity: CRITICAL
 9    security_advise: |
10      1. Upgrade to langchain >= 0.0.236
11      2. Do not pass untrusted or attacker-influenceable input to PALChain (or any chain that executes LLM-generated code); if such a chain is unavoidable, run it in an isolated, least-privilege sandbox, audit every place it is constructed, and verify that the deployed version actually contains the fix from the linked upstream PRs/commit rather than relying on the version string alone
12  rule: version < "0.0.236"
13  references:
14    - https://nvd.nist.gov/vuln/detail/CVE-2023-36188
15    - https://github.com/langchain-ai/langchain/issues/5872
16    - https://github.com/langchain-ai/langchain/pull/6003
17    - https://github.com/langchain-ai/langchain/pull/8425
18    - https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
19    - https://github.com/langchain-ai/langchain
20    - https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-109.yaml