langchain icon indicating copy to clipboard operation
langchain copied to clipboard

Published 20 hours ago • verified publisher icon langchain-ai

Patch LLMMathChain exec vulnerability

Open zachschillaci27 opened this issue 2 years ago • 1 comments

As referenced in other issues (see #814, #1026), the current implementation of LLMMathChain allows for prompt injection attacks which can execute arbitrary code using Python's exec method. As a quick patch, I have modified the chain to use the slightly safer eval method and modified the prompt template accordingly. From my quick testing, this doesn't seem to hurt the chain's mathematical ability and prevents the exploit outlined in #814.

NB: This is intended as a quick patch to mitigate the current security risks. Future developments, as in #1055, should further help with solving this vulnerability and others.

zachschillaci27 avatar Feb 17 '23 14:02 zachschillaci27

Here's another attempt using RestrictedPython:

https://github.com/hwchase17/langchain/pull/1134

Please review and let me know what you think.

bborn avatar Feb 18 '23 03:02 bborn

stale, using numexpr now

dev2049 avatar May 09 '23 23:05 dev2049

using numexpr now

dockercore avatar Jun 27 '23 09:06 dockercore