CVE-2024-38459

langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.

CVSS

No CVSS.

References

Link	Resource
https://github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009	Patch
https://github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61	Product
https://github.com/langchain-ai/langchain/pull/22860	Issue Tracking
https://github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009	Patch
https://github.com/langchain-ai/langchain/pull/22860	Issue Tracking
https://github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:langchain:langchain-experimental:*:*:*:*:*:*:*:*

History

16 Jul 2025, 16:23

Type	Values Removed	Values Added
CPE		cpe:2.3:a:langchain:langchain-experimental::::::::
First Time		Langchain langchain-experimental Langchain
References	~~() https://github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61 -~~	() https://github.com/langchain-ai/langchain/compare/langchain-experimental==0.0.60...langchain-experimental==0.0.61 - Product
References	~~() https://github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009 -~~	() https://github.com/langchain-ai/langchain/commit/ce0b0f22a175139df8f41cdcfb4d2af411112009 - Patch
References	~~() https://github.com/langchain-ai/langchain/pull/22860 -~~	() https://github.com/langchain-ai/langchain/pull/22860 - Issue Tracking

16 Jun 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-16 15:15

Updated : 2025-07-16 16:23

NVD link : CVE-2024-38459

Mitre link : CVE-2024-38459

JSON object : View

Products Affected

langchain

langchain-experimental

CWE

No CWE.

JSON object

Attach tags to CVE-2024-38459

Attach tags to `CVE-2024-38459`