CVE-2023-32786

HIGH

Published October 20, 2023

In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
langchain	pip	—	No patch

Do you use langchain? You're affected.

Severity & Risk

CVSS 3.1

7.5 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

Weaknesses (CWE)

CWE-74 Primary

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
3rd Party
gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
3rd Party

Timeline

Published

October 20, 2023

Last Modified

November 21, 2024

First Seen

October 20, 2023

Back to Threat Feed