{"id":"PYSEC-2023-194","details":"langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via PALChain's use of the Python exec method. All releases before 0.0.15 are listed as affected; the fix is in 0.0.15.","aliases":["CVE-2023-44467","GHSA-gjjr-63x4-v8cq"],"modified":"2025-02-23T07:46:11Z","published":"2023-10-09T20:15:00Z","references":[{"type":"FIX","url":"https://github.com/langchain-ai/langchain/commit/4c97a10bd0d9385cfee234a63b5bd826a295e483"},{"type":"WEB","url":"https://github.com/advisories/GHSA-gjjr-63x4-v8cq"}],"affected":[{"package":{"name":"langchain-experimental","ecosystem":"PyPI","purl":"pkg:pypi/langchain-experimental"},"ranges":[{"type":"GIT","repo":"https://github.com/langchain-ai/langchain","events":[{"introduced":"0"},{"fixed":"4c97a10bd0d9385cfee234a63b5bd826a295e483"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.0.15"}]}],"versions":["0.0.1","0.0.10","0.0.11","0.0.12","0.0.13","0.0.14","0.0.1rc1","0.0.1rc2","0.0.1rc3","0.0.1rc4","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.0.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/langchain-experimental/PYSEC-2023-194.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}