Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Langroid has a Code Injection vulnerability in TableChatAgent
Vulnerability Description
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Langroid 代码注入漏洞
Vulnerability Description
Langroid是Langroid开源的一个利用多代理编程开发LLM的工具。 Langroid 0.53.15之前版本存在代码注入漏洞,该漏洞源于TableChatAgent使用pandas eval处理未经验证的用户输入,可能导致代码注入。
CVSS Information
N/A
Vulnerability Type
N/A