We use cookies to improve your experience on our site.
AVID-2026-R1269
Description
Vulnerability CVE-2023-39659
Details
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
Reason for inclusion in AVID: CVE-2023-39659 describes remote code execution via LangChain’s PythonAstREPLTool._run in langchain-ai <= 0.0.232. LangChain is a core AI tooling/Framework library used to build AI agents and pipelines. The vulnerability is exploitable through crafted input, enabling arbitrary code execution in affected environments. This is a software supply chain issue affecting components commonly used to build, deploy, and run general-purpose AI systems (dependencies and tooling). It is a clear security vulnerability with practical impact (RCE) and is supported by the CVE references.
References
- NVD entry
- https://github.com/langchain-ai/langchain/issues/7700
- https://github.com/langchain-ai/langchain/pull/5640
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-08-15
- Version: 0.3.3
- AVID Entry