CVE-2024-27444

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-749
View all →

Vulnerability Description

langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by pal_chain/base.py.

Related Vulnerabilities

CVE-2018-10931

CRITICAL
CVSS:9.8(Critical)

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, ...

CWE-7492018

CVE-2019-18342

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabi...

CWE-7492019

CVE-2020-15623

CRITICAL
CVSS:9.8(Critical)

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The s...

CWE-7492020

CVE-2020-8212

CRITICAL
CVSS:9.8(Critical)

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows acce...

CWE-7492020

CVE-2021-26614

CRITICAL
CVSS:9.8(Critical)

ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell comman...

CWE-7492021

CVE-2021-42128

CRITICAL
CVSS:9.8(Critical)

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

CWE-7492021