CVE-2023-36281
arbitrary code execution vulnerability in langchain (PyPI)
What is CVE-2023-36281 About?
This vulnerability in langchain allows a remote attacker to execute arbitrary code by manipulating the `load_prompt` parameter with a malicious JSON file. This can lead to system compromise and unauthorized operations. The exploitation is facilitated by specific code introspection or template mechanisms.
Affected Software
- langchain
  - <0.0.171
  - <0.0.312
Technical Details
The vulnerability in langchain (v.0.0.171) is related to the `load_prompt` parameter, which is susceptible to arbitrary code execution when provided with a specially crafted JSON file. This is often linked to the misuse of Python's `__subclasses__` mechanism for object introspection or issues within template engines that allow for code injection. An attacker can embed malicious code within the JSON, which is then processed and executed by the application when `load_prompt` is called, potentially leveraging insecure deserialization or template rendering.
What is the Impact of CVE-2023-36281?
Successful exploitation may allow attackers to execute arbitrary code, leading to system compromise, data breaches, privilege escalation, or full control of the affected application.
What is the Exploitability of CVE-2023-36281?
Exploitation is remote and primarily involves providing a specially crafted JSON file to the `load_prompt` parameter. The complexity might vary depending on the specific `__subclasses__` or template mechanism exploited, but overall, it appears to be a targeted attack. Authentication requirements are not specified, but typically, an attacker would need a way to submit input to the `load_prompt` function, which could be authenticated or unauthenticated depending on the application's design. No particular privileges are mentioned other than the ability to control the `load_prompt` input. The presence of direct JSON input processing and vulnerable introspection/templating mechanisms significantly increases the risk.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| tagomaru | Link | PoC of CVE-2023-36281 |
What are the Available Fixes for CVE-2023-36281?
Available Upgrade Options
- langchain
  - <0.0.171 → Upgrade to 0.0.171
- langchain
  - <0.0.312 → Upgrade to 0.0.312
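Alongside the upgrade, prompt JSON files from untrusted sources can be screened before they reach `load_prompt`. The following is an added example, not code from langchain or from this advisory: it flags `__subclasses__`-style introspection attributes in any string value and any template format other than the one the deployment expects. The key name `template_format`, the allowed value `f-string` and the sample documents are assumptions made for illustration.

```python
import json
import re

# Dunder attribute access such as __subclasses__ has no place in a prompt template.
DUNDER = re.compile(r"__[A-Za-z]+__")
# Assumption: this deployment only expects plain f-string style templates.
ALLOWED_FORMATS = ("f-string",)


def audit_prompt_config(raw: str) -> list:
    """Return findings for a prompt JSON document; an empty list means none."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                here = f"{path}.{key}" if path else key
                # Assumed key name for the template engine selector.
                if key == "template_format" and value not in ALLOWED_FORMATS:
                    findings.append(f"{here}: template format {value!r} not allowed")
                walk(value, here)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")
        elif isinstance(node, str):
            for match in DUNDER.finditer(node):
                findings.append(f"{path}: introspection attribute {match.group()!r}")

    walk(doc, "")
    return findings


# Constructed samples, not taken from any real prompt file or PoC.
BENIGN = json.dumps({"_type": "prompt", "input_variables": ["name"],
                     "template": "Hello {name}", "template_format": "f-string"})
SUSPICIOUS = json.dumps({"_type": "prompt", "input_variables": ["name"],
                         "template": "Hello {{ name.__subclasses__ }}",
                         "template_format": "jinja2"})

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, audit_prompt_config(raw) or "no findings")
```

A pattern check like this is a triage aid for files awaiting review and does not replace moving to a fixed release.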
Additional Resources
- https://github.com/langchain-ai/langchain/pull/10252
- https://nvd.nist.gov/vuln/detail/CVE-2023-36281
- https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55
- https://github.com/langchain-ai/langchain/releases/tag/v0.0.312
- https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-151.yaml
- https://github.com/langchain-ai/langchain
- https://github.com/hwchase17/langchain/issues/4394
- https://osv.dev/vulnerability/PYSEC-2023-151
What are Similar Vulnerabilities to CVE-2023-36281?
Similar Vulnerabilities: CVE-2021-44228, CVE-2017-9805, CVE-2020-13935, CVE-2021-35921, CVE-2022-26134
