Replies: 2 comments
-
And just for emphasis, we have some of our first production deployments of applications on our platform going on right now, and we are blocked by this vulnerability. And since it's such a broad range of versions, we can't downgrade our way around it. The vulnerability is for @hwchase17 @vbarda - any guidance you have here is appreciated! 🙏
-
This PR #26783 resolves this issue. Thank you @mercyspirit!
-
I'm using langchain in my job and a recent critical vulnerability CVE-2024-46946 is creating an issue in our deployments:
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde4 (2023-10-05).
It seems to be up to the latest version of langchain. Are there any updates on when this will be resolved?
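An added example, not part of the original post and not code from LangChain or the linked PR: because the CVE text attributes the code execution to `sympy.sympify` evaluating a string, one defensive pattern is to gate model-produced expressions with an AST allowlist before they reach it. The allowlisted names, functions and the length limit are assumptions of this example.

```python
import ast

# Assumed allowlists for this example; tune them to the math your application needs.
ALLOWED_FUNCS = {"sqrt", "sin", "cos", "tan", "log", "exp", "Abs"}
ALLOWED_NAMES = {"x", "y", "z", "pi", "E"}
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant, ast.Name, ast.Load,
    ast.Call, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Pow, ast.USub, ast.UAdd,
)
MAX_LEN = 200  # constructed limit, keeps parsing cheap


def is_safe_math(expr: str) -> bool:
    """Return True only if expr is plain arithmetic over allowlisted names."""
    if len(expr) > MAX_LEN:
        return False
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError):
        return False
    for node in ast.walk(tree):
        # Anything outside the allowlist (attribute access, subscripts,
        # lambdas, comprehensions, keyword arguments, ...) is rejected.
        if not isinstance(node, ALLOWED_NODES):
            return False
        # Only int and float literals: no strings, bytes, None, bool, complex.
        if isinstance(node, ast.Constant) and type(node.value) not in (int, float):
            return False
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES | ALLOWED_FUNCS:
            return False
        # Calls must target an allowlisted function referenced by bare name.
        if isinstance(node, ast.Call):
            if not (isinstance(node.func, ast.Name) and node.func.id in ALLOWED_FUNCS):
                return False
    return True


# Constructed sample inputs standing in for model output.
SAMPLES = ["sqrt(x**2 + 1) / 2", "-3.5 * y", "x.attr", "foo(1)", "'a' * 2"]

if __name__ == "__main__":
    for s in SAMPLES:
        # Only strings that pass the gate would be handed on to sympify.
        print(f"{s!r}: {'pass' if is_safe_math(s) else 'reject'}")
```

This is a syntax gate only: it does not bound evaluation cost (for example very large exponents), and it does not replace upgrading to a fixed release.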