Low osv · GHSA-f73w-4m7g-ch9x

Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library

Published Sep 1, 2023 CVSS 3.1

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.

Patches: Released in v.0.0.308. numexpr dependency is optional for langchain.

Remote Code Execution

langchain

Get the weekly digest. Every Monday: top AI security stories of the week. Free.