CVE-2023-32786
Prompt Injection vulnerability in langchain (PyPI)
What is CVE-2023-32786 About?
Langchain before version 0.0.329 is vulnerable to prompt injection, enabling attackers to force the service to fetch data from arbitrary URLs. This leads to Server-Side Request Forgery (SSRF) and potential content injection into downstream tasks. Exploitation requires crafting malicious prompts, which can be moderately difficult but highly impactful.
Affected Software
Technical Details
This prompt injection vulnerability in Langchain (versions prior to 0.0.329) allows an attacker to manipulate the input given to the language model (LM) so that it executes unintended instructions. Specifically, the attacker can craft prompts that include directives for the LM to make HTTP requests or retrieve data from an arbitrary URL. This effectively turns the Langchain application into a proxy for Server-Side Request Forgery (SSRF) attacks, enabling the attacker to scan internal networks, access internal services, or exfiltrate data from web resources. Furthermore, the retrieved content can then be injected into subsequent processing steps or downstream tasks, potentially leading to further data manipulation or execution of malicious logic within the Langchain application's operational flow.
What is the Impact of CVE-2023-32786?
Successful exploitation may allow attackers to perform Server-Side Request Forgery (SSRF), access internal network resources, exfiltrate data, and inject malicious content into subsequent processing tasks.
What is the Exploitability of CVE-2023-32786?
Exploitation of this prompt injection vulnerability typically involves an attacker crafting a malicious prompt designed to trick the Langchain application into performing unintended actions, such as making network requests. The complexity level is moderate, as it requires understanding how prompts are interpreted and identifying injection vectors. No authentication is explicitly stated as being required, meaning if an attacker can submit prompts, they might be able to exploit it. No special privileges are necessary beyond the ability to interact with the Langchain application. This is a remote vulnerability, as the attacker simply sends malicious input over the network. Risk factors are high if the Langchain application processes untrusted user input which is then fed directly into the language model, and if the application has broad network access or sensitive internal resources.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2023-32786?
Available Upgrade Options
- langchain
- <0.0.329 → Upgrade to 0.0.329
Additional Resources
- https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
- https://github.com/langchain-ai/langchain
- https://osv.dev/vulnerability/GHSA-6h8p-4hx9-w66c
- https://github.com/langchain-ai/langchain/pull/12747
- https://nvd.nist.gov/vuln/detail/CVE-2023-32786
- https://github.com/langchain-ai/langchain/releases/tag/v0.0.329
What are Similar Vulnerabilities to CVE-2023-32786?
Similar Vulnerabilities: CVE-2023-39631, CVE-2023-24040, CVE-2023-40455, CVE-2023-37286, CVE-2023-28432
