CVE-2023-36095 Information

Description

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the PALChainfrom_math_prompt(llm).run in the python exec method.

Reference

https://github.com/hwchase17/langchain http://langchain.com https://github.com/langchain-ai/langchain/issues/5872