COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-36095

CVE-2023-36095

Severity
critical
Source
NVD · cve
Published
2023-08-05
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-36095
⚡ RCE shame 50/100 rce

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.

Players implicated

langchain · vendorlangchain · product

Description

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.