AI Threat Alert
CVE-2024-38459
HIGH
Published June 16, 2024
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| langchain-experimental | pip | — | No patch |
Do you use langchain-experimental? You're affected.
Severity & Risk
CVSS 3.1
7.8 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
N/A
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H References
- github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009 Patch
- github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61 Product
- github.com/langchain-ai/langchain/pull/22860 Issue
- github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009 Patch
- github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61 Product
- github.com/langchain-ai/langchain/pull/22860 Issue
Timeline
Published
June 16, 2024
Last Modified
July 16, 2025
First Seen
June 16, 2024