langchain-experimental 0.0.49 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the langchain-experimental package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Access Control langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses. Affected versions of this package are vulnerable to Improper Access Control due to the provision of Python REPL access without requiring an opt-in step. An attacker can gain unauthorized access or execute arbitrary code by exploiting this oversight. NOTE: This vulnerability derives from an incomplete fix for CVE-2024-27444. How to fix Improper Access Control? Upgrade `langchain-experimental` to version 0.0.61 or higher.	[,0.0.61)
C Arbitrary Code Execution langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses. Affected versions of this package are vulnerable to Arbitrary Code Execution. via the `__import__`, `__subclasses__`, `__builtins__`, `__globals__`, `__getattribute__`, `__bases__`, `__mro__` or `__base__` attributes in Python code. Note: Code is clearly documented as being risky and the correct mitigation strategy is by executing the code in a sandboxed environment. How to fix Arbitrary Code Execution? Upgrade `langchain-experimental` to version 0.0.52 or higher.	[,0.0.52)

Vulnerability

Vulnerable Version

Improper Access Control

langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses.

Affected versions of this package are vulnerable to Improper Access Control due to the provision of Python REPL access without requiring an opt-in step. An attacker can gain unauthorized access or execute arbitrary code by exploiting this oversight.

NOTE:

This vulnerability derives from an incomplete fix for CVE-2024-27444.

How to fix Improper Access Control?

Upgrade langchain-experimental to version 0.0.61 or higher.

[,0.0.61)

Arbitrary Code Execution

langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses.

Affected versions of this package are vulnerable to Arbitrary Code Execution. via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__ or __base__ attributes in Python code.

Note: Code is clearly documented as being risky and the correct mitigation strategy is by executing the code in a sandboxed environment.

How to fix Arbitrary Code Execution?

Upgrade langchain-experimental to version 0.0.52 or higher.

[,0.0.52)

langchain-experimental@0.0.49 vulnerabilities

Building applications with LLMs through composability

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically