CVE-2023-44467
BaseFortify
Publication date: 2023-10-09
Last updated on: 2024-11-21
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langchain | langchain_experimental | 0.0.14 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| NVD-CWE-noinfo | Insufficient information |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in langchain_experimental (LangChain Experimental) prior to version 0.0.306 allows an attacker to bypass the earlier fix for CVE-2023-36258 and execute arbitrary code through Python's built-in `__import__` function. The earlier fix blocked `import` statements in the generated code, but a call to `__import__` is an ordinary function call rather than an import statement, so it is not caught by the checks in pal_chain/base.py. [1]
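The answer above describes the gap: a validator that only rejects `import` statements misses dynamic imports through `__import__`. The following added example (not LangChain's own code, and not the fix shipped in 0.0.306) is a small AST-based checker that flags both the static and the dynamic import paths. It goes slightly beyond the page by also flagging references to the `importlib` module and string constants naming these helpers, which is the same class of bypass; the sample snippets are constructed for the example.

```python
from __future__ import annotations

import ast

# Names that provide an import path without an `import` statement.
# Hypothetical policy for this example; a real validator would be tied
# to the capabilities the host application actually wants to expose.
DYNAMIC_IMPORT_NAMES = {"__import__", "importlib"}


def find_import_paths(source: str) -> list[str]:
    """Return a human-readable finding for every import path in `source`.

    An empty list means neither a static `import`/`from ... import`
    statement nor a dynamic import helper was found. Unparseable input
    is reported as a finding rather than silently accepted, because code
    that cannot be analysed must not be executed either.
    """
    findings: list[str] = []
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]

    for node in ast.walk(tree):
        # The original (CVE-2023-36258) style of check: import statements.
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            findings.append(f"import statement at line {node.lineno}")
        # The bypass described for CVE-2023-44467: a plain name lookup
        # such as __import__('os') is a Call, not an Import node.
        elif isinstance(node, ast.Name) and node.id in DYNAMIC_IMPORT_NAMES:
            findings.append(f"reference to {node.id} at line {node.lineno}")
        # Attribute access such as builtins.__import__ or importlib.import_module.
        elif isinstance(node, ast.Attribute) and node.attr in DYNAMIC_IMPORT_NAMES:
            findings.append(f"attribute access .{node.attr} at line {node.lineno}")
        # String constants naming the helper, e.g. passed to getattr().
        elif (
            isinstance(node, ast.Constant)
            and isinstance(node.value, str)
            and node.value in DYNAMIC_IMPORT_NAMES
        ):
            findings.append(f"string naming {node.value} at line {node.lineno}")
    return findings


def is_allowed(source: str) -> bool:
    """True only when no static or dynamic import path was found."""
    return not find_import_paths(source)


# Constructed sample snippets, in the style of model-generated PAL solutions.
SAMPLES = {
    "plain arithmetic": "def solution():\n    return 41 + 1\n",
    "static import": "import math\n\ndef solution():\n    return math.sqrt(2)\n",
    "dynamic import": "m = __import__('math')\n\ndef solution():\n    return m.pi\n",
    "unparseable": "def solution(:\n",
}

if __name__ == "__main__":
    for label, code in SAMPLES.items():
        verdict = "allowed" if is_allowed(code) else "rejected"
        print(f"{label:16s} -> {verdict}: {find_import_paths(code)}")
```

Rejecting names is a best-effort filter: it narrows the obvious paths, but the stronger mitigation remains to avoid executing model-generated code in the application's own interpreter at all, or to confine it in a separate, restricted process.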
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to execute arbitrary code, potentially compromising the security of your application or system. This could lead to a wide range of impacts including unauthorized access, data breaches, and disruption of services, as attackers may gain control over the application or its underlying system. [1]
What immediate steps should I take to mitigate this vulnerability?
You should update (or apply the patch to) the langchain_experimental package to version 0.0.306 or later. The provided commit link indicates that the fix has been applied in 0.0.306. [1, 2]