CVE-2024-46946
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-46946 is a critical vulnerability found in LangChain Experimental versions 0.1.17 through 0.3.0, allowing attackers to execute arbitrary code via the sympy.sympify function in the LLMSymbolicMathChain component. The exploitability score for this vulnerability is 9.8, indicating a high risk, with potential impacts on confidentiality, integrity, and availability of affected systems, all of which are rated as high. To remediate this vulnerability, users should upgrade to a version of LangChain Experimental that is later than 0.3.0. Since the attack can be executed over the network without requiring user interaction or elevated privileges, it poses significant danger to organizations using affected products labeled as 'yw4UwV', 'yw4UwW', and 'yw4_98'. The underlying issue relates to improper input validation as classified by CWE-20.
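A check for the affected range given above, as an added example that is not part of the original advisory or of LangChain's code: it scans a requirements file for exact pins of langchain-experimental from 0.1.17 through 0.3.0. The function names and the sample requirements text are constructed for illustration.

```python
import re

# Affected range as stated in the advisory: 0.1.17 through 0.3.0, inclusive.
AFFECTED_MIN, AFFECTED_MAX = (0, 1, 17), (0, 3, 0)
PACKAGE = "langchain-experimental"
# Exact pin, e.g. "langchain_experimental[extra]==0.2.6"
PIN_RE = re.compile(r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)")

def normalize(name):
    """PEP 503 normalisation so '_', '.', '-' and case variants all match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def is_affected(version_text):
    """Compare release numbers as integer tuples, padding '0.3' to (0, 3, 0)."""
    parts = [int(p) for p in version_text.split(".")]
    release = tuple(parts + [0] * (3 - len(parts)))
    return AFFECTED_MIN <= release <= AFFECTED_MAX

def scan_requirements(text):
    """Return (line_no, version, status) for each langchain-experimental line.

    status: 'affected', 'ok', or 'unpinned' (no exact == pin, so the version
    actually installed has to be checked in the environment instead).
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        pin = PIN_RE.match(line)
        if pin and normalize(pin.group(1)) == PACKAGE:
            status = "affected" if is_affected(pin.group(2)) else "ok"
            findings.append((line_no, pin.group(2), status))
        elif normalize(re.split(r"[\s\[<>=!~;]", line, maxsplit=1)[0]) == PACKAGE:
            findings.append((line_no, None, "unpinned"))
    return findings

# Constructed sample requirements file (not taken from any real project).
SAMPLE = """\
langchain==0.2.16
langchain_experimental==0.1.17
LangChain-Experimental[extras]==0.3.0  # upper bound of the range
langchain-experimental==0.3.1
langchain-experimental>=0.1.0
langchain-experimental==0.1.16
"""

if __name__ == "__main__":
    for line_no, version, status in scan_requirements(SAMPLE):
        print(f"line {line_no}: {version or 'no exact pin'} -> {status}")
```

A pin with a pre-release suffix is judged by its release number alone, so it is reported conservatively; lines marked unpinned need the resolved version from the lock file or the installed environment.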