langchain-experimental@0.0.39 vulnerabilities
Building applications with LLMs through composability
latest version
0.3.4
latest non vulnerable version
first published
1 years ago
latest version published
4 months ago
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the langchain-experimental package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses. Affected versions of this package are vulnerable to Improper Access Control due to the provision of Python REPL access without requiring an opt-in step. An attacker can gain unauthorized access or execute arbitrary code by exploiting this oversight. NOTE: This vulnerability derives from an incomplete fix for CVE-2024-27444. How to fix Improper Access Control? Upgrade | [,0.0.61) |
langchain-experimental is a package that holds experimental LangChain code, intended for research and experimental uses. Affected versions of this package are vulnerable to Arbitrary Code Execution.
via the Note: Code is clearly documented as being risky and the correct mitigation strategy is by executing the code in a sandboxed environment. How to fix Arbitrary Code Execution? Upgrade | [,0.0.52) |