Skip to content

Instantly share code, notes, and snippets.

@12end
Created September 19, 2024 01:27
Show Gist options
  • Save 12end/68c0c58d2564ef4141bccd4651480820 to your computer and use it in GitHub Desktop.
Save 12end/68c0c58d2564ef4141bccd4651480820 to your computer and use it in GitHub Desktop.
CVE-2024-46946: Remote Code Execution in LangChain's SymbolicMathChain
CVE ID: CVE-2024-46946
Vulnerability Type: Remote Code Execution
Affected Component: SymbolicMathChain in LangChain
Affected Versions: Introduced in commit https://github.com/langchain-ai/langchain/commit/fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6
Description:
A remote code execution vulnerability has been identified in LangChain's SymbolicMathChain component. The vulnerability stems from the use of sympy.sympify() to evaluate mathematical expressions without proper input sanitization.
The SymbolicMathChain class was introduced in the commit fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6. It uses a regular expression to match content between ````text` delimiters and passes this content to sympy.sympify() for evaluation.
However, sympy.sympify() internally uses Python's eval() function, which can lead to arbitrary code execution if not properly restricted.
Proof of Concept:
The following payload demonstrates the ability to execute arbitrary system commands:
```python
sympy.sympify("this.__class__.__mro__[8].__subclasses__()[154].__init__.__globals__['__builtins__']['exec']('import os;os.system(\"id\")')")
```
Impact:
An attacker who can control the input to SymbolicMathChain could potentially execute arbitrary code on the system running the LangChain application, leading to full system compromise.
Recommendation:
It is recommended to implement strict input validation and sanitization before passing any user-controlled input to sympy.sympify(). Consider using a whitelist of allowed mathematical operations and symbols, or explore alternative methods for safe mathematical expression evaluation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment