Tool Abuse / Excessive Agency · Critical

LangChain LLMMathChain arbitrary code execution (CVE-2023-29374)

April 2023 · LangChain
What happened
LLMMathChain passed LLM-generated text into Python exec/eval to evaluate math. A crafted prompt could make the LLM emit Python that escaped the math context and executed arbitrary code on the host (CVSS 9.8).
Root cause
Insecure use of exec/eval on LLM output with no sandboxing: a classic prompt-injection-to-code-execution path.
Fix / outcome
Fixed in LangChain 0.0.142 and later with safer numeric evaluation.
Sources
Learn this attack class
This incident is an example of Tool Abuse / Excessive Agency. Read the guide, then try it hands-on in the Academy.