CVE-2023-39659

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 15, 2023
Updated: Aug 22, 2023
CWE ID 74

Summary

CVE-2023-39659 is a new vulnerability affecting the langchain langchain-ai software version 0.0.232 and earlier. This issue grants remote attackers the ability to execute arbitrary code by crafting a malicious script that interacts with the PythonAstREPLTool._run component. Successful exploitation could lead to significant security risks, including unauthorized system access and data theft. It is recommended that users of these affected versions upgrade to a patched version as soon as possible to mitigate this vulnerability. Failure to do so could result in serious consequences.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share