CVE-2023-36189: langchain SQL Injection vulnerability

July 6, 2023 (updated October 21, 2024)

SQL injection vulnerability in langchain allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.

References

gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f
github.com/advisories/GHSA-7q94-qpjr-xpgm
github.com/hwchase17/langchain/issues/5923
github.com/hwchase17/langchain/pull/6051
github.com/langchain-ai/langchain
github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
github.com/langchain-ai/langchain/issues/5923
github.com/langchain-ai/langchain/issues/5923
github.com/langchain-ai/langchain/pull/8425
github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-110.yaml
nvd.nist.gov/vuln/detail/CVE-2023-36189

Detect and mitigate CVE-2023-36189 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →