cve/2023/CVE-2023-29374.md

CVE-2023-29374

Description

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.

POC

Reference

• https://github.com/hwchase17/langchain/issues/1026

Github

• https://github.com/cckuailong/awesome-gpt-security
• https://github.com/corca-ai/awesome-llm-security
• https://github.com/invariantlabs-ai/invariant
• https://github.com/zgimszhd61/llm-security-quickstart