CVE-2023-29374 Information

Description

In LangChain through 0.0.131 the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.

Reference

https://twitter.com/rharang/status/1641899743608463365/photo/1 https://github.com/hwchase17/langchain/pull/1119 https://github.com/hwchase17/langchain/issues/814 https://github.com/hwchase17/langchain/issues/1026