Incorrect Default Permissions

CVE-2024-38459

High

7.8/10

Summary

The package langchain-experimental (aka LangChain Experimental) prior to 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE: This issue exists because of an incomplete fix for CVE-2024-27444.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory
Pull request

Advisory Timeline

Published Jun 16, 2024

Incorrect Default Permissions

CVE-2024-38459

Summary

CWE-276 - Incorrect Default Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS