RCE in Langchain Langchain-experimental

CVE-2024-21513

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution: when retrieving values from the database, the code will attempt to call 'eval' on all values, so a value an attacker can get into the store is executed as Python. An attacker can exploit t…
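The pattern described above, as an added example that is not code from langchain-experimental: a hypothetical result decoder that calls eval() on every string read back from a constructed in-memory SQLite table, next to a hardened decoder that uses ast.literal_eval, which accepts only Python literals and refuses calls, names and attribute access. The table contents, the function names and the version-range helper are all assumptions made for this illustration; the payload row only calls os.getpid() so that the example is safe to run, but eval() would execute anything placed there.

```python
import ast
import sqlite3

# Added example, not code from langchain-experimental. Reproduces the pattern the
# advisory describes (eval() over every value read back from a database) beside a
# hardened version, using a constructed in-memory SQLite table.

AFFECTED_FROM = (0, 0, 15)   # first affected langchain-experimental release (from the advisory)
FIXED_IN = (0, 0, 21)        # first release outside the affected range (from the advisory)


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample store: one benign row and one attacker-controlled row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, embedding TEXT, title TEXT)")
    rows = [
        (1, "[0.1, 0.2, 0.3]", "benign row"),
        # Constructed payload: a Python expression stored where a literal is expected.
        # It only calls os.getpid() here; eval() would run anything written in its place.
        (2, "__import__('os').getpid()", "attacker-controlled row"),
    ]
    conn.executemany("INSERT INTO docs VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def fetch_rows(conn: sqlite3.Connection) -> list:
    return conn.execute("SELECT id, embedding, title FROM docs ORDER BY id").fetchall()


def decode_values_vulnerable(rows: list) -> list:
    """Hypothetical vulnerable decoder mirroring the advisory: eval() every string
    so serialized lists come back as Python objects; unparsable text is kept as-is."""
    decoded = []
    for row in rows:
        new_row = []
        for value in row:
            if isinstance(value, str):
                try:
                    value = eval(value)  # executes attacker-supplied expressions
                except Exception:
                    pass  # plain text such as a title stays a string
            new_row.append(value)
        decoded.append(tuple(new_row))
    return decoded


def decode_values_safe(rows: list) -> list:
    """Hardened decoder: ast.literal_eval accepts only literals (numbers, strings,
    lists, dicts, ...) and raises on calls, names or attribute access, so stored
    code is parsed but never executed."""
    decoded = []
    for row in rows:
        new_row = []
        for value in row:
            if isinstance(value, str):
                try:
                    value = ast.literal_eval(value)
                except (ValueError, SyntaxError):
                    pass  # not a literal: keep the raw string
            new_row.append(value)
        decoded.append(tuple(new_row))
    return decoded


def version_is_affected(version: str) -> bool:
    """True if a langchain-experimental version string falls in the advisory's
    range (>= 0.0.15 and < 0.0.21). Dotted-integer versions only; pre-release
    suffixes are not handled by this simple check."""
    parts = tuple(int(p) for p in version.split("."))
    return AFFECTED_FROM <= parts < FIXED_IN


if __name__ == "__main__":
    rows = fetch_rows(build_demo_db())
    print("vulnerable:", decode_values_vulnerable(rows))  # row 2 becomes the current PID
    print("hardened:  ", decode_values_safe(rows))        # row 2 stays a string
```

Running the block shows the second row turning into an integer under the eval() decoder and staying an untouched string under the literal_eval decoder. Two caveats for anyone applying the same fix: ast.literal_eval still parses attacker-controlled text, and the Python documentation warns that sufficiently nested input can crash the interpreter through stack-depth limits, so cap the value length before parsing; and where the stored format is known (the embedding above is also valid JSON), a typed decoder such as json.loads is a tighter fit than evaluating Python syntax at all.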

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.019 (an estimated 1.9% probability of exploitation activity in the next 30 days; 76.6th percentile among scored CVEs).

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H, i.e. network-reachable, high attack complexity, low privileges required, no user interaction, changed scope, and high impact on confidentiality, integrity and availability.

Affected products

langchain-experimental (PyPI), versions from 0.0.15 and before 0.0.21. Releases 0.0.21 and later are outside the affected range.

Weakness classification (CWE)

CWE-94: Improper Control of Generation of Code ('Code Injection').

Public proof-of-concept exploits

7 public proof-of-concept repositories are indexed.

Frequently asked questions

What is CVE-2024-21513?
CVE-2024-21513 is a high-severity vulnerability in Langchain Langchain-experimental, classified under Code Injection. CVSS score: 8.5/10. Published 2024-07-15.
How severe is CVE-2024-21513?
High severity. CVSS v3 base score is 8.5 out of 10.
Is CVE-2024-21513 known to be exploited?
7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.