{"id":"PYSEC-2024-53","details":"langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE: this issue exists because of an incomplete fix for CVE-2024-27444.","aliases":["CVE-2024-38459","GHSA-wmvm-9vqv-5qpp"],"modified":"2024-06-17T21:42:16.561407Z","published":"2024-06-16T15:15:00Z","references":[{"type":"WEB","url":"https://github.com/langchain-ai/langchain/pull/22860"},{"type":"FIX","url":"https://github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009"},{"type":"WEB","url":"https://github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61"}],"affected":[{"package":{"name":"langchain-experimental","ecosystem":"PyPI","purl":"pkg:pypi/langchain-experimental"},"ranges":[{"type":"GIT","repo":"https://github.com/langchain-ai/langchain","events":[{"introduced":"0"},{"fixed":"ce0b0f22a175139df8f41cdcfb4d2af411112009"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.0.61"}]}],"versions":["0.0.1","0.0.10","0.0.11","0.0.12","0.0.13","0.0.14","0.0.15","0.0.16","0.0.17","0.0.18","0.0.19","0.0.1rc1","0.0.1rc2","0.0.1rc3","0.0.1rc4","0.0.2","0.0.20","0.0.21","0.0.22","0.0.23","0.0.24","0.0.25","0.0.27","0.0.28","0.0.29","0.0.3","0.0.30","0.0.31","0.0.32","0.0.33","0.0.34","0.0.35","0.0.36","0.0.37","0.0.38","0.0.39","0.0.4","0.0.40","0.0.41","0.0.42","0.0.43","0.0.44","0.0.45","0.0.46","0.0.47","0.0.48","0.0.49","0.0.5","0.0.50","0.0.51","0.0.52","0.0.53","0.0.54","0.0.55","0.0.56","0.0.57","0.0.58","0.0.59","0.0.6","0.0.60","0.0.7","0.0.8","0.0.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/langchain-experimental/PYSEC-2024-53.yaml"}}],"schema_version":"1.7.3"}