CVE-2024-38459
Published 2024-06-16
Priority: P434 · high · 7.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.22% (13.0th percentile)
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE: this issue exists because of an incomplete fix for CVE-2024-27444.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| langchain | langchain-experimental | < 0.0.61 | 0.0.61 |
| langchain | langchain-experimental | >= 0 < 0.0.61 | 0.0.61 |
| langchain | langchain-experimental | >= 0 < ce0b0f22a175139df8f41cdcfb4d2af411112009 | ce0b0f22a175139df8f41cdcfb4d2af411112009 |
CVSS provenance
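| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| ghsa | | 9.8 | CRITICAL | |
| osv | | 9.8 | CRITICAL | |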
GHSA
langchain_experimental Code Execution via Python REPL access
ghsa·2024-06-16·CVSS 9.8
CVE-2024-38459 [CRITICAL] CWE-276 langchain_experimental Code Execution via Python REPL access
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE: this issue exists because of an incomplete fix for CVE-2024-27444.
OSV
CVE-2024-38459: langchain_experimental (aka LangChain Experimental) before 0
osv·2024-06-16·CVSS 9.8
CVE-2024-38459 [CRITICAL] CVE-2024-38459: langchain_experimental (aka LangChain Experimental) before 0
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE: this issue exists because of an incomplete fix for CVE-2024-27444.
OSV
langchain_experimental Code Execution via Python REPL access
osv·2024-06-16·CVSS 9.8
CVE-2024-38459 [CRITICAL] langchain_experimental Code Execution via Python REPL access
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE: this issue exists because of an incomplete fix for CVE-2024-27444.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009
https://github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61
https://github.com/langchain-ai/langchain/pull/22860
Published: 2024-06-16