CVE-2023-36189: langchain SQL Injection vulnerability
(updated )
SQL injection vulnerability in langchain allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
References
- gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f
- github.com/advisories/GHSA-7q94-qpjr-xpgm
- github.com/hwchase17/langchain/issues/5923
- github.com/hwchase17/langchain/pull/6051
- github.com/langchain-ai/langchain
- github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
- github.com/langchain-ai/langchain/issues/5923
- github.com/langchain-ai/langchain/issues/5923
- github.com/langchain-ai/langchain/pull/8425
- github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-110.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-36189
Code Behaviors & Features
Detect and mitigate CVE-2023-36189 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →