CVE-2023-32785
Langchain SQL Injection vulnerability
9.8 CRITICAL (CVSS 3.1)
Description
In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.
How to fix CVE-2023-32785
To remediate CVE-2023-32785, upgrade the affected package to a fixed version listed below.
- PyPI/langchain: upgrade to 0.0.247 or later
Is CVE-2023-32785 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2023-32785.
Affected packages (1)
- PyPI/langchain: from 0, < 0.0.247
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |