langchain SQL Injection vulnerability · CVE-2023-36189 · GitHub Advisory Database · GitHub

langchain SQL Injection vulnerability

High severity GitHub Reviewed Published Jul 6, 2023 to the GitHub Advisory Database • Updated Dec 29, 2023

Package

langchain (pip)

Affected versions

<= 0.0.225

Patched versions

None

Description

SQL injection vulnerability in langchain allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.

References

Published by the National Vulnerability Database

Jul 6, 2023

Published to the GitHub Advisory Database Jul 6, 2023

Reviewed Jul 6, 2023

Last updated Dec 29, 2023

Severity

High

7.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N