What is CVE-2023-36281?

CVE-2023-36281 is a vulnerability in N/a. Published 2023-08-22.

Is CVE-2023-36281 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.

EPSS: 0.622 (98.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

tagomaru/CVE-2023-36281
miguelc49/CVE-2023-36281-1
miguelc49/CVE-2023-36281-2
nomi-sec/PoC-in-GitHub

References

github.com/hwchase17/langchain/issues/4394
aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55
github.com/langchain-ai/langchain/releases/tag/v0.0.312

Frequently asked questions

What is CVE-2023-36281?: CVE-2023-36281 is a vulnerability in N/a. Published 2023-08-22.
Is CVE-2023-36281 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.