CVE-2023-50944
Prompt Injection vulnerability in apache-airflow (PyPI)
What is CVE-2023-50944 About?
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs allows for prompt injection, leading to SQL injection. This can result in unauthorized data manipulation, exfiltration, and denial of service. Exploitation is remote and can lead to severe consequences.
Affected Software
- apache-airflow
- <2.8.1
- <2.8.1rc1
Technical Details
This vulnerability resides within the GraphCypherQAChain class in langchain-ai/langchainjs versions 0.2.5 and all subsequent versions containing this class. It is a 'Prompt Injection' flaw that can be leveraged to achieve 'SQL Injection'. The vulnerability occurs when user-controlled input is incorporated into prompts that are then used to construct or execute database queries (specifically Cypher, which can often interact with underlying SQL-like data stores or databases). An attacker can inject malicious commands into their prompt that bypass intended query boundaries, allowing them to directly manipulate the database. This allows unauthorized data modification, extraction, deletion, and potentially denial of service. The attack vector is crafted malicious input provided to the GraphCypherQAChain class.
What is the Impact of CVE-2023-50944?
Successful exploitation may allow attackers to perform unauthorized data manipulation (create, update, delete data), exfiltrate sensitive data, cause denial of service by deleting all data, breach multi-tenant security, and compromise the integrity of the database.
What is the Exploitability of CVE-2023-50944?
Exploitation complexity is high, as it requires a deep understanding of prompt engineering, the underlying database query language (Cypher/SQL), and how user input is processed by the GraphCypherQAChain. There are no inherent authentication or privilege requirements related to the vulnerability itself, but the attacker would need access to an application utilizing the vulnerable GraphCypherQAChain class. This is typically a remote exploitation scenario, where malicious input is sent to a web application or service that uses langchainjs. Risk factors include any application directly exposing LLM chains to untrusted user input without robust sanitization, output parsing, or input validation mechanisms, especially when those chains can interact with databases.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2023-50944?
Available Upgrade Options
- apache-airflow
- <2.8.1rc1 → Upgrade to 2.8.1rc1
- apache-airflow
- <2.8.1 → Upgrade to 2.8.1
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1
- https://github.com/apache/airflow/pull/36257
- https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h
- http://www.openwall.com/lists/oss-security/2024/01/24/5
- https://github.com/apache/airflow
- https://github.com/apache/airflow/pull/36257
- https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h
- https://nvd.nist.gov/vuln/detail/CVE-2023-50944
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml
- https://osv.dev/vulnerability/GHSA-vm5m-qmrx-fw8w
What are Similar Vulnerabilities to CVE-2023-50944?
Similar Vulnerabilities: CVE-2023-49033 , CVE-2023-24016 , CVE-2023-38640 , CVE-2023-3978 , CVE-2023-20593
