AI Threat Alert

CVE-2023-36189

GHSA-7q94-qpjr-xpgm HIGH
Published July 6, 2023

SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
langchain pip >= 0, < 0.0.247 0.0.247
langchain pip No patch

Severity & Risk

CVSS 3.1
7.5 / 10
EPSS
0.2%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

Patch available

Update langchain to version 0.0.247

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.

Weaknesses (CWE)

CWE-89 Primary CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Primary CWE-89

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Timeline

Published
July 6, 2023
Last Modified
November 21, 2024
First Seen
July 6, 2023
Back to Threat Feed