CVE-2023-32785

GHSA-8h5w-f6q9-wg35 CRITICAL
Published October 21, 2023

In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.

Affected Systems

Package    Ecosystem  Vulnerable Range  Patched
langchain  pip        < 0.0.247         0.0.247

Do you use langchain? Versions before 0.0.247 are affected.

Severity & Risk

CVSS 3.1: 9.8 / 10
EPSS: N/A
KEV Status: Not in KEV
Sophistication: N/A

Recommended Action

Patch available

Update langchain to version 0.0.247

Technical Details

NVD Description

In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

Published: October 21, 2023
Last Modified: November 7, 2024
First Seen: March 24, 2026