CVE-2023-34540
Published 2023-06-14
Priority: P2 60, critical, CVSS 3.1 score 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.68% (74.1th percentile)
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| langchain | langchain | — | — |
| langchain | langchain | >= 0 < 0.0.225 | 0.0.225 |
GHSA
Langchain OS Command Injection vulnerability
ghsa·2023-06-14
CVE-2023-34540 [CRITICAL] CWE-78 Langchain OS Command Injection vulnerability
OSV
Langchain OS Command Injection vulnerability
osv·2023-06-14
CVE-2023-34540 [CRITICAL] Langchain OS Command Injection vulnerability
OSV
CVE-2023-34540: Langchain 0
osv·2023-06-14
Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/hwchase17/langchain/issues/4833
https://github.com/langchain-ai/langchain/pull/6992
https://github.com/langchain-ai/langchain/releases/tag/v0.0.225
Published: 2023-06-14