langchain/libs/experimental/langchain_experimental/llm_symbolic_math
mercyspirit 0414be4b80
experimental[major]: CVE-2024-46946 fix (#26783)
Description: Resolve CVE-2024-46946 by switching out sympify with
parse_expr with a very specific allowed set of operations.

https://nvd.nist.gov/vuln/detail/cve-2024-46946

Sympify uses eval which makes it vulnerable to code execution.
parse_expr is limited to specific expressions.

Bandit results

![image](https://github.com/user-attachments/assets/170a6376-7028-4e70-a7ef-9acfb49c1d8a)

---------

Co-authored-by: aqiu7 <aqiu7@gatech.edu>
Co-authored-by: Eugene Yurtsev <eugene@langchain.dev>
Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com>
2024-09-24 21:37:56 +00:00
__init__.py experimental[patch]: update module doc strings (#19539) 2024-03-26 10:38:10 -04:00
base.py experimental[major]: CVE-2024-46946 fix (#26783) 2024-09-24 21:37:56 +00:00
prompt.py experimental[patch]: prompts import fix (#20534) 2024-04-18 16:09:11 -04:00