CVE-2023-44467

BaseFortify

Vulnerability report for CVE-2023-44467, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2023-10-09

Last updated on: 2024-11-21

Assigner: MITRE

Description

langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.

Meta Information

Published: 2023-10-09
Last Modified: 2024-11-21
Generated: 2026-07-04
AI Q&A: 2025-04-04
EPSS Evaluated: 2026-07-02

Affected Vendors & Products

Showing 1 associated CPE
Vendor: langchain
Product: langchain_experimental
Version / Range: 0.0.14

CWE

CWE ID: CWE-NVD-CWE-noinfo

Executive Summary

This vulnerability in langchain_experimental (LangChain Experimental) prior to version 0.0.306 allows an attacker to bypass an earlier fix (CVE-2023-36258) and execute arbitrary code by using the __import__ function in Python code. Code execution is possible because __import__ is not prohibited by the checks in pal_chain/base.py. [1]

Impact Analysis

If exploited, this vulnerability can allow an attacker to execute arbitrary code, potentially compromising the security of your application or system. This could lead to a wide range of impacts including unauthorized access, data breaches, and disruption of services, as attackers may gain control over the application or its underlying system. [1]

Mitigation Strategies

Update the langchain_experimental package to version 0.0.306 or later, or apply the patch. The provided commit link indicates that the fix has been applied in 0.0.306. [1, 2]
