CVE-2023-32785: Langchain SQL Injection vulnerability

October 21, 2023 (updated November 7, 2024)

In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.

References

gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f
github.com/advisories/GHSA-8h5w-f6q9-wg35
github.com/langchain-ai/langchain
github.com/langchain-ai/langchain/issues/5923
nvd.nist.gov/vuln/detail/CVE-2023-32785

Detect and mitigate CVE-2023-32785 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →