{"data":{"id":"da53774d-698f-4479-ad8b-7744f5da7d55","title":"CVE-2024-38459: langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step","summary":"A security vulnerability in LangChain Experimental (a Python library for building AI applications) before version 0.0.61 allows access to a Python REPL (read-eval-print loop, an interactive environment in which code is executed directly) without requiring an explicit opt-in step. This issue exists because a previous fix for a related vulnerability (CVE-2024-27444) was incomplete.","solution":"Update langchain_experimental to version 0.0.61 or later. The fix is contained in commit ce0b0f22a175139df8f41cdcfb4d2af411112009 and can be reviewed in the diff between versions 0.0.60 and 0.0.61.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-38459","publishedAt":"2024-06-16T19:15:51.840Z","cveId":"CVE-2024-38459","cweIds":["CWE-276"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangChain","langchain_experimental"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00081,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}