Vulnerability DatabaseCVE-2023-32786
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-32786
October 20, 2023
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
Affected Packages
langchain (PYTHON):
Affected version(s) >=0.0.1 <0.0.329
Fix Suggestion:
Update to version 0.0.329
Related Resources (5)
https://github.com/langchain-ai/langchain/releases/tag/v0.0.329
https://github.com/langchain-ai/langchain/pull/12747
https://nvd.nist.gov/vuln/detail/CVE-2023-32786
https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
https://github.com/langchain-ai/langchain
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-74
Server-Side Request Forgery (SSRF)
CWE-918
EPSS
Base Score:
0.13