CVE-2023-36281 PoC — LangChain 代码注入漏洞

Source

https://github.com/tagomaru/CVE-2023-36281

Associated Vulnerability

Title:LangChain 代码注入漏洞 (CVE-2023-36281)
Description:An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.

Description

PoC of CVE-2023-36281

Readme

# CVE-2023-36281
PoC of CVE-2023-36281

I referred to [this PoC](https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55). Unfortunately, it doesn’t work because the indexes of `subprocess.Popen` are different in each Python environment. However, my PoC code addresses this problem.

## Installation
`$ pip install -r requirements.txt`

## Execution
### 1. Get index of subprocss on your own environment since it could be different for each environment.
#### In
`$ python get_index_of_subprocess.py`

#### Out
```
subprcess.Popen index: 309.
Replace target_index in attack_prompt.json with this value.
```

### 2. Replace target_index in attack_prompt.json with the value you get.

### 3. Exploit
#### In
`$ python exploit.py`

#### Out
```
README.md  attack_prompt.json  get_index_of_subprocess.py  exploit.py  requirements.txt
```

File Snapshot


 [4.0K]  /data/pocs/88c1b50511063657263aa0e5991c0ef97e8d73d1
├── [ 335]  attack_prompt.json
├── [ 150]  exploit.py
├── [ 314]  get_index_of_subprocess.py
├── [ 842]  README.md
└── [  18]  requirements.txt

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!