{"data":{"id":"4a16d742-d84c-4ecc-9d6a-dbae7381c311","title":"CVE-2023-44467: langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-202","summary":"CVE-2023-44467 is a vulnerability in LangChain Experimental (a library for building AI applications) before version 0.0.306 that allows attackers to bypass a previous security fix and run arbitrary code (unauthorized commands) on the affected system by using Python's __import__ function, which the pal_chain/base.py file failed to block.","solution":"Upgrade LangChain to version 0.0.306 or later. A patch is available at https://github.com/langchain-ai/langchain/commit/4c97a10bd0d9385cfee234a63b5bd826a295e483.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-44467","publishedAt":"2023-10-10T00:15:10.480Z","cveId":"CVE-2023-44467","cweIds":null,"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangChain","langchain_experimental"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00115,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}