CVE-2023-34540

9.8 CRITICAL

📋 TL;DR

Langchain versions before 0.0.225 contain a remote code execution vulnerability in the JiraAPIWrapper component. Attackers can execute arbitrary code by sending crafted input to vulnerable systems. This affects any application using the vulnerable Langchain library with JIRA integration.

💻 Affected Systems

Products:
  • Langchain
Versions: All versions before v0.0.225
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the JiraAPIWrapper component. Applications without JIRA integration are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal data, deploy malware, or pivot to other systems.

🟠 Likely Case

Unauthorized code execution leading to data exfiltration, credential theft, or deployment of backdoors in affected applications.

🟢 If Mitigated

Limited impact through network segmentation and proper input validation, but still significant risk if exploited.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Vulnerability allows RCE via crafted input, suggesting straightforward exploitation once details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.0.225

Vendor Advisory: https://github.com/langchain-ai/langchain/releases/tag/v0.0.225

Restart Required: Yes

Instructions:

1. Update Langchain to v0.0.225 or later using pip: pip install --upgrade langchain==0.0.225
2. Restart all applications using Langchain
3. Verify the update was successful

🔧 Temporary Workarounds

Disable JiraAPIWrapper

Platform: all

Temporarily disable or remove JIRA integration if not essential

# Remove JIRA-related code from your application
# Comment out or remove JiraAPIWrapper imports and usage

Input Validation

Platform: all

Implement strict input validation for JIRA API calls

# Add input sanitization before passing data to JiraAPIWrapper
# Validate and sanitize all user inputs

🧯 If You Can't Patch

  • Network segmentation to isolate systems using vulnerable Langchain versions
  • Implement strict firewall rules to limit access to JIRA API endpoints

🔍 How to Verify

Check if Vulnerable:

Check the installed Langchain version:

python -c "import langchain; print(langchain.__version__)"

Verify Fix Applied:

Verify version is 0.0.225 or higher and check for JiraAPIWrapper usage in code
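The two checks above, written out as a small defender-side script. This is an added example, not code from the advisory or from the Langchain project: it compares the installed version against 0.0.225 numerically (a plain string comparison would rank "0.0.3" above "0.0.225") and scans a source tree for JiraAPIWrapper references, since the advisory notes only applications using that component are affected. The function names are my own; the version and component name come from the page.

```python
# Added example (not from the advisory): a defender-side check that compares the
# installed Langchain version numerically against the fixed release 0.0.225 and
# scans source files for JiraAPIWrapper, since only code using it is affected.
import importlib.metadata
import re
from pathlib import Path

FIXED_VERSION = (0, 0, 225)  # first fixed release per the advisory
JIRA_PATTERN = re.compile(r"\bJiraAPIWrapper\b")


def parse_version(text):
    """Turn 'v0.0.224' into (0, 0, 224); plain string comparison would rank '0.0.3' above '0.0.225'."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_vulnerable_version(text):
    """True when the installed version predates the fix."""
    return parse_version(text) < FIXED_VERSION


def installed_langchain_version():
    """Installed version from package metadata, or None when langchain is absent."""
    try:
        return importlib.metadata.version("langchain")
    except importlib.metadata.PackageNotFoundError:
        return None


def load_sources(root):
    """Map each .py path under root to its text (read once so the scan stays testable)."""
    return {str(p): p.read_text(errors="ignore") for p in sorted(Path(root).rglob("*.py"))}


def find_jira_wrapper_usage(sources):
    """Return (path, line_no) for every line that references JiraAPIWrapper."""
    return [(path, n) for path, text in sources.items()
            for n, line in enumerate(text.splitlines(), 1) if JIRA_PATTERN.search(line)]


def assess(version, sources):
    """One verdict combining the version check with the component-usage check."""
    if version is None:
        return "langchain not installed"
    hits = find_jira_wrapper_usage(sources)
    if not is_vulnerable_version(version):
        return f"OK: langchain {version} >= 0.0.225"
    if hits:
        return f"VULNERABLE: langchain {version} < 0.0.225, JiraAPIWrapper used at {hits[0][0]}:{hits[0][1]}"
    return f"AT RISK: langchain {version} < 0.0.225 but no JiraAPIWrapper usage found; upgrade anyway"


if __name__ == "__main__":
    print(assess(installed_langchain_version(), load_sources(".")))
```

Run it from the root of the application's source tree; an "AT RISK" verdict still means the vulnerable package is installed and should be upgraded.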

📡 Detection & Monitoring

Log Indicators:

  • Unusual JIRA API calls
  • Suspicious command execution patterns
  • Unexpected process creation from Langchain applications

Network Indicators:

  • Unusual outbound connections from Langchain applications
  • Suspicious JIRA API traffic patterns

SIEM Query:

source="application_logs" AND ("JiraAPIWrapper" OR "langchain") AND (process_execution OR command_injection)
