Published on 24 Jul 2024
Palo Alto Networks researchers have identified two vulnerabilities (CVE-2023-46229 and CVE-2023-44467) in LangChain, a popular open source generative AI framework on GitHub. CVE-2023-44467 has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
The vulnerabilities are:
The vulnerabilities affect LangChain versions prior to 0.0.317.
Users and administrators of affected product versions are advised to update to the latest version immediately.
More information is available here:
https://unit42.paloaltonetworks.com/langchain-vulnerabilities/
https://www.recordedfuture.com/vulnerability-database/CVE-2023-46229
https://www.recordedfuture.com/vulnerability-database/CVE-2023-44467