langchain/libs/experimental/tests
mercyspirit 0414be4b80
experimental[major]: CVE-2024-46946 fix (#26783)
Description: Resolve CVE-2024-46946 by switching out sympify for
parse_expr with a very specific allowed set of operations.

https://nvd.nist.gov/vuln/detail/cve-2024-46946

Sympify uses eval which makes it vulnerable to code execution.
parse_expr is limited to specific expressions.

Bandit results

![image](https://github.com/user-attachments/assets/170a6376-7028-4e70-a7ef-9acfb49c1d8a)

---------

Co-authored-by: aqiu7 <aqiu7@gatech.edu>
Co-authored-by: Eugene Yurtsev <eugene@langchain.dev>
Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com>
2024-09-24 21:37:56 +00:00
integration_tests multiple: pydantic 2 compatibility, v0.3 (#26443) 2024-09-13 14:38:45 -07:00
unit_tests experimental[major]: CVE-2024-46946 fix (#26783) 2024-09-24 21:37:56 +00:00
__init__.py Harrison/move experimental (#8084) 2023-07-21 10:36:28 -07:00