langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by pal_chain/base.py.
The pal_chain/base.py module does not block the use of dangerous Python attributes such as __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, and __base__. An attacker can pass crafted Python code containing references to these attributes, allowing escape from the intended code execution environment and execution of arbitrary system commands. The filtering mechanism introduced as a fix for CVE-2023-44467 proved incomplete and can be bypassed using the mentioned attributes.
An attacker can execute arbitrary code on the victim's server without any authentication, leading to complete system takeover, data disclosure, and violation of service integrity and availability.
Update LangChain to version 0.1.8 or newer, which includes a patch available in commit de9a6cdf163ed00adaf2e559203ed0a9ca2f1de7 in the langchain-ai/langchain GitHub repository.
langchain_experimental (LangChain Experimental) in the LangChain package in versions before 0.1.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLangchain Experimental
APPLangchain< 0.1.8
Related vulnerabilities
RCE w LangChain Experimental przez sympy.sympify w LLMSymbolicMathChain
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code ...
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access wi...
Podatność deserialization injection w funkcjach dumps/dumpd LangChain Core
SSRF w LangChain RequestsToolkit — dostęp do sieci wewnętrznej i metadanych chmury