CVE-2023-36258

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 3, 2023

Updated: Feb 26, 2024

Summary

CVE-2023-36258 is a newly disclosed vulnerability affecting LangChain before version 0.0.236. This issue grants attackers the ability to execute arbitrary code through the use of Python functions such as os.system, exec, or eval. By exploiting this weakness, malicious actors can potentially gain unauthorized access, install unauthorized software, or disrupt system operations. Due to the seriousness of this vulnerability, it is strongly recommended that users upgrade to the latest version of LangChain as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r3WazC
https://www.cve.org/CVERecord?id=CVE-2023-36258
https://nvd.nist.gov/vuln/detail/CVE-2023-36258

Back to Vulnerability Database

CVE-2023-36258

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations