Arbitrary code execution in load_prompt #4849
moved to experimental, should be good!
Closing the loop here: the affected code was deleted in #8425 and that change was released in v0.0.247. Version v0.0.247 and newer do not have this issue.
obi1kenobi added a commit to obi1kenobi/advisory-database that referenced this issue Aug 29, 2023
The referenced issue has been closed and this comment within it confirms the fix has been published: langchain-ai/langchain#4849 (comment)
oliverchang pushed a commit to pypa/advisory-database that referenced this issue Aug 30, 2023
The referenced issue has been closed and this comment within it confirms the fix has been published: langchain-ai/langchain#4849 (comment)
System Info
LangChain version: 0.0.171
windows 10
Who can help?
No response
Information
Related Components
Reproduction
prompt.py
`id` command will be executed.
Attack scene 1: Alice can send a prompt file to Bob and let Bob load it.
Attack scene 2: Alice uploads the prompt file to a public hub such as 'langchain-hub'. Bob loads the prompt from a URL.
Expected behavior
The code cannot be executed without any check.
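
A data-only loader of the kind the expected behavior asks for, as an added example that is not part of the original issue and is not LangChain's fix (per the comments, the affected code was removed from the main package instead). The function name `load_prompt_data_only`, the JSON-only allowlist and the two-key schema are assumptions made for illustration; `demo()` runs the loader over constructed sample files.

```python
import json
import tempfile
from pathlib import Path

# Assumption: only inert data formats are accepted; a .py "prompt" is never loaded.
ALLOWED_SUFFIXES = {".json"}
ALLOWED_KEYS = {"input_variables", "template"}  # hypothetical minimal schema


class UnsafePromptFile(ValueError):
    """Raised when a prompt file is executable source or is malformed."""


def load_prompt_data_only(path):
    """Parse a prompt file as data; never import, exec or eval its contents."""
    p = Path(path)
    suffix = p.suffix.lower()
    if suffix not in ALLOWED_SUFFIXES:
        raise UnsafePromptFile(f"refusing {suffix or 'extensionless'} prompt file: {p.name}")
    try:
        data = json.loads(p.read_text(encoding="utf-8"))
    except json.JSONDecodeError as exc:
        raise UnsafePromptFile(f"not valid JSON: {exc}") from exc
    if not isinstance(data, dict) or set(data) != ALLOWED_KEYS:
        raise UnsafePromptFile("expected exactly the keys: " + ", ".join(sorted(ALLOWED_KEYS)))
    if not isinstance(data["template"], str):
        raise UnsafePromptFile("template must be a string")
    variables = data["input_variables"]
    if not isinstance(variables, list) or not all(isinstance(v, str) for v in variables):
        raise UnsafePromptFile("input_variables must be a list of strings")
    return data


def demo():
    """Return (py_rejected, marker_created, parsed_json) for constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        marker = tmp / "executed.marker"
        # Constructed sample: a .py file whose only effect, if it ever ran, is a marker file.
        py_file = tmp / "prompt.py"
        py_file.write_text(f"open({str(marker)!r}, 'w').close()\nPROMPT = None\n", encoding="utf-8")
        json_file = tmp / "prompt.json"
        json_file.write_text(json.dumps({"input_variables": ["topic"], "template": "About {topic}."}), encoding="utf-8")
        try:
            load_prompt_data_only(py_file)
            rejected = False
        except UnsafePromptFile:
            rejected = True
        return rejected, marker.exists(), load_prompt_data_only(json_file)
```

Calling `demo()` shows the `.py` file being refused without its body running, while the JSON prompt loads as a plain dictionary.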