langchain-experimental@0.0.59 vulnerabilities

Building applications with LLMs through composability

latest version

0.3.3
latest non vulnerable version

0.3.3
first published

a year ago
latest version published

19 days ago
licenses detected
- MIT
  [0,)
View langchain-experimental package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the langchain-experimental package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Eval Injection langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses. Affected versions of this package are vulnerable to Eval Injection in `SymbolicMathChain` component, through the `sympify` function. An attacker can execute arbitrary commands or code by supplying malicious input to this function. How to fix Eval Injection? Upgrade `langchain-experimental` to version 0.3.1 or higher.	[0.0.58,0.3.1)
H Improper Access Control langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses. Affected versions of this package are vulnerable to Improper Access Control due to the provision of Python REPL access without requiring an opt-in step. An attacker can gain unauthorized access or execute arbitrary code by exploiting this oversight. NOTE: This vulnerability derives from an incomplete fix for CVE-2024-27444. How to fix Improper Access Control? Upgrade `langchain-experimental` to version 0.0.61 or higher.	[,0.0.61)

Eval Injection

langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses.

Affected versions of this package are vulnerable to Eval Injection in SymbolicMathChain component, through the sympify function. An attacker can execute arbitrary commands or code by supplying malicious input to this function.

How to fix Eval Injection?

Upgrade langchain-experimental to version 0.3.1 or higher.

[0.0.58,0.3.1)

Improper Access Control

langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses.

Affected versions of this package are vulnerable to Improper Access Control due to the provision of Python REPL access without requiring an opt-in step. An attacker can gain unauthorized access or execute arbitrary code by exploiting this oversight.

NOTE:

This vulnerability derives from an incomplete fix for CVE-2024-27444.

How to fix Improper Access Control?

Upgrade langchain-experimental to version 0.0.61 or higher.

[,0.0.61)

Go back to all versions of this package

langchain-experimental@0.0.59 vulnerabilities

Building applications with LLMs through composability

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities