CVE-2024-38459

Published: Jun 16, 2024Modified: Jul 16, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.

Affected (1)

Products: Langchain: Langchain Experimental

Langchain

1 product

Langchain Experimental

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Langchain Langchain Experimental	Before 0.0.61

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

https://github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009

Source: cve@mitre.org

Patch

https://github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61

Source: cve@mitre.org

Product

https://github.com/langchain-ai/langchain/pull/22860

Source: cve@mitre.org

Issue Tracking

https://github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/langchain-ai/langchain/pull/22860

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.