langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05).
The LLMSymbolicMathChain component, introduced in October 2023, passes input data to the sympy.sympify() function, which internally uses Python's built-in eval() function. The eval() function executes the passed string as Python code without proper validation or sandboxing. An attacker can thus provide a malicious payload that will be directly executed in the context of the application.
An attacker can execute arbitrary code on the server (RCE), which in practice means complete system takeover, disclosure of sensitive data, modification or destruction of data, and the possibility of further lateral movement within the network.
The langchain_experimental package should be updated to a version higher than 0.3.0, according to information in the official LangChain release notes available at the address indicated in the manufacturer's references. Until an update is applied, consider disabling or restricting access to the LLMSymbolicMathChain functionality.
langchain_experimental (LangChain Experimental) in versions 0.1.17 to 0.3.0 inclusive, used as a component of the LangChain ecosystem.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLangchain Experimental
APPLangchain0.1.17 – 0.3.0
Related vulnerabilities
RCE w LangChain Experimental — obejście poprawki CVE-2023-44467
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code ...
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access wi...
Podatność deserialization injection w funkcjach dumps/dumpd LangChain Core
SSRF w LangChain RequestsToolkit — dostęp do sieci wewnętrznej i metadanych chmury