CVE-2023-38860

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Aug 15, 2023
Updated: Aug 22, 2023
CWE ID: 94

Summary

CVE-2023-38860 is a newly identified vulnerability affecting LangChain version 0.0.231. This issue grants remote attackers the ability to execute arbitrary code by manipulating the prompt parameter. Successful exploitation could lead to significant security risks, including data theft or system takeover. LangChain users are strongly urged to update to a patched version as soon as possible to mitigate this threat. Attackers can exploit this vulnerability without authentication or user interaction, making it especially dangerous.
