CVE-2024-46946
- EPSS 0.62%
- Veröffentlicht 19.09.2024 05:15:11
- Zuletzt bearbeitet 16.07.2025 13:49:54
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b0...
CVE-2024-21513
- EPSS 10.17%
- Veröffentlicht 15.07.2024 05:15:01
- Zuletzt bearbeitet 21.11.2024 08:54:35
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnera...
CVE-2024-38459
- EPSS 0.08%
- Veröffentlicht 16.06.2024 15:15:51
- Zuletzt bearbeitet 16.07.2025 16:23:10
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.
CVE-2024-27444
- EPSS 0.13%
- Veröffentlicht 26.02.2024 16:28:00
- Zuletzt bearbeitet 14.07.2025 18:38:58
langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, _...