RCE in Langchain Langchain-experimental
CVE-2024-21513
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution: when retrieving values from the database, the code calls 'eval' on all values. An attacker can exploit t…
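The bug class described above, as an added illustration that is not langchain-experimental's own code: a loader that passes stored strings to eval() next to a hardened loader restricted to Python literals, run over constructed sample rows (ROWS, load_value_vulnerable, load_value_safe and audit_rows are hypothetical names).

```python
import ast
from typing import Any

# Constructed sample rows, shaped like values read back from a key/value store.
# The first two are legitimate stored literals; the third is an expression.
ROWS = {
    "query": "'SELECT name FROM users'",
    "top_k": "5",
    "expr": "len('abc')",
}


def load_value_vulnerable(raw: str) -> Any:
    """Vulnerable pattern from the advisory: eval() on a value that came from the
    database, so whoever can write the row decides what Python runs on read."""
    return eval(raw)  # shown only to contrast with the hardened version below


def load_value_safe(raw: str) -> Any:
    """Hardened loader: ast.literal_eval builds only literals (str, int, float,
    tuple, list, dict, set, bool, None) and refuses names, calls, attribute
    access and most operators, so stored text cannot become code."""
    try:
        return ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError(f"refusing non-literal stored value: {raw!r}") from exc


def audit_rows(rows: dict[str, str]) -> dict[str, str]:
    """Classify each stored value as 'literal' or 'rejected' with the safe loader;
    useful for checking an existing store before switching loaders."""
    verdicts = {}
    for key, raw in rows.items():
        try:
            load_value_safe(raw)
            verdicts[key] = "literal"
        except ValueError:
            verdicts[key] = "rejected"
    return verdicts


if __name__ == "__main__":
    print(audit_rows(ROWS))
    # The safe loader returns plain data; eval() on the same row executes a call.
    print(load_value_safe(ROWS["query"]), load_value_vulnerable(ROWS["expr"]))
```

A stored value that the safe loader rejects is exactly the kind of row that the vulnerable loader would have executed on read.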
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.019 (76.6th percentile).
CVSS v3 metric
CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Langchain Langchain-experimental
- Langchain-experimental (vendor not recorded): versions from 0.0.15 and before 0.0.21
Weakness classification (CWE)
- Code Injection
Public proof-of-concept exploits
- 7 public proof-of-concept repositories are indexed.
References
- report@snyk.io (Third Party Advisory)
- report@snyk.io (Broken Link)
- report@snyk.io (Patch)
Frequently asked questions
- What is CVE-2024-21513?
- CVE-2024-21513 is a high-severity vulnerability in Langchain Langchain-experimental, classified under Code Injection. CVSS score: 8.5/10. Published 2024-07-15.
- How severe is CVE-2024-21513?
- High severity. CVSS v3 base score is 8.5 out of 10.
- Is CVE-2024-21513 known to be exploited?
- 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.