Vulnerability	Vulnerable Version
M Arbitrary Code Injection langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection due to the use of `pandas eval()` function. An attacker can execute arbitrary code by supplying malicious input to this function. This is only exploitable if the application is public-facing and accepts user input directly into the `TableChatAgent`. How to fix Arbitrary Code Injection? Upgrade `langroid` to version 0.53.15 or higher.	[,0.53.15)
M Arbitrary Code Injection langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection through the `compute_from_docs` process. An attacker can execute arbitrary code by manipulating the input data to the `QueryPlan.dataframe_calc` method. How to fix Arbitrary Code Injection? Upgrade `langroid` to version 0.53.15 or higher.	[,0.53.15)
H XML External Entity (XXE) Injection langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to XML External Entity (XXE) Injection through the `XMLToolMessage` class. An attacker can cause denial of service or access sensitive local files by submitting specially crafted XML content. How to fix XML External Entity (XXE) Injection? Upgrade `langroid` to version 0.53.4 or higher.	[,0.53.4)

Go back to all versions of this package