Headline

GHSA-f73w-4m7g-ch9x: Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.

1 year ago

ghsa

Open in Source

#git

Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library

High severity GitHub Reviewed Published Sep 1, 2023 to the GitHub Advisory Database • Updated Sep 1, 2023

Related news

February Linux Patch Wednesday

February Linux Patch Wednesday. There are 561 vulnerabilities in total. 338 in Linux Kernel. Formally, there is one vulnerability with a sign of exploitation in the wild: RCE – 7-Zip (CVE-2025-0411). But it is about Windows MoTW and, naturally, is not exploitable on Linux. There are public exploits for 21 vulnerabilities. Among them there are […]

2 months ago

Alexander V. Leonov

Open in Source

#sql #xss #vulnerability #windows #linux #rce #ssh #postgres #blog

CVE-2023-39631: Warn that evaluate() should not be used on user input · Issue #442 · pydata/numexpr

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.

1 year ago

CVE

Open in Source

#debian #git