langchain-experimental@0.0.13 vulnerabilities

Building applications with LLMs through composability

latest version

0.0.58
latest non vulnerable version

0.0.58
first published

10 months ago
latest version published

2 days ago
licenses detected
- MIT
  [0,)
View langchain-experimental package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the langchain-experimental package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Arbitrary Code Execution langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses. Affected versions of this package are vulnerable to Arbitrary Code Execution. via the `__import__`, `__subclasses__`, `__builtins__`, `__globals__`, `__getattribute__`, `__bases__`, `__mro__` or `__base__` attributes in Python code. Note: Code is clearly documented as being risky and the correct mitigation strategy is by executing the code in a sandboxed environment. How to fix Arbitrary Code Execution? Upgrade `langchain-experimental` to version 0.0.52 or higher.	[,0.0.52)
C Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') via the `PALChain` in the `python exec` method. An attacker can bypass the fix for CVE-2023-36258 and execute arbitrary code by exploiting this vulnerability. How to fix Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')? Upgrade `langchain-experimental` to version 0.0.24 or higher.	[,0.0.24)

Arbitrary Code Execution

langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses.

Affected versions of this package are vulnerable to Arbitrary Code Execution. via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__ or __base__ attributes in Python code.

Note: Code is clearly documented as being risky and the correct mitigation strategy is by executing the code in a sandboxed environment.

How to fix Arbitrary Code Execution?

Upgrade langchain-experimental to version 0.0.52 or higher.

[,0.0.52)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') via the PALChain in the python exec method. An attacker can bypass the fix for CVE-2023-36258 and execute arbitrary code by exploiting this vulnerability.

How to fix Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')?

Upgrade langchain-experimental to version 0.0.24 or higher.

[,0.0.24)

Go back to all versions of this package

langchain-experimental@0.0.13 vulnerabilities

Building applications with LLMs through composability

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities