
Arbitrary code execution in JiraAPIWrapper

Open 0gur1 opened this issue 1 year ago • 1 comments

System Info

LangChain version: 0.0.171, Windows 10

Who can help?

No response

Information

  • [X] The official example notebooks/scripts
  • [ ] My own modified scripts

Related Components

  • [ ] LLMs/Chat Models
  • [ ] Embedding Models
  • [ ] Prompts / Prompt Templates / Prompt Selectors
  • [ ] Output Parsers
  • [ ] Document Loaders
  • [ ] Vector Stores / Retrievers
  • [ ] Memory
  • [ ] Agents / Agent Executors
  • [X] Tools / Toolkits
  • [ ] Chains
  • [ ] Callbacks/Tracing
  • [ ] Async

Reproduction

  1. Set the environment variables for Jira and OpenAI

```python
import os
from langchain.utilities.jira import JiraAPIWrapper

# Placeholder credentials; replace with real values to reproduce
os.environ["JIRA_API_TOKEN"] = "your jira api token"
os.environ["JIRA_USERNAME"] = "your username"
os.environ["JIRA_INSTANCE_URL"] = "your url"
os.environ["OPENAI_API_KEY"] = "your openai key"
```

  2. Run jira

```python
jira = JiraAPIWrapper()
# The second argument is a string of Python source passed to the 'other' mode
output = jira.run('other',"exec(\"import os;print(os.popen('id').read())\")")
```

  3. The id command will be executed. Commands can be changed to others and attackers can execute arbitrary code.

Expected behavior

The code cannot be executed without any check.

0gur1 avatar May 17 '23 04:05 0gur1

@zywilliamli @hwchase17

I think the options here are to either a) check code to a limited number of allowed actions, or b) remove the "other" method from the tool.

It looks like we want the jira tool to:

  1. Create an issue
  2. Search Jira
  3. Get projects

I'm not sure what other functionality we want to extend to with self.other, maybe y'all know how to proceed best

aditya-pethe avatar May 18 '23 17:05 aditya-pethe
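
Option (a) from the comment above, as an added example that is not part of the thread and is not LangChain's code: a dispatcher that maps a fixed set of mode names to client methods and parses input as data instead of evaluating it. `FakeJiraClient`, its method names, and every mode name except `other` are assumptions made for illustration.

```python
import json

class FakeJiraClient:
    """Constructed stand-in for a Jira client so the example runs offline."""
    def jql(self, query):
        return {"searched": query}
    def projects(self):
        return ["DEMO"]
    def issue_create(self, fields):
        return {"created": fields["summary"]}

def parse_text(payload):
    # Search input stays an opaque string handed to the client.
    return (payload,), {}

def parse_nothing(payload):
    return (), {}

def parse_issue_fields(payload):
    # Parsed as data with json.loads; nothing is ever evaluated.
    fields = json.loads(payload)
    if not isinstance(fields, dict) or not isinstance(fields.get("summary"), str):
        raise ValueError("create_issue needs a JSON object with a string 'summary'")
    return (), {"fields": fields}

# Allow-list: mode name -> (client method, argument parser). Names are assumed.
ALLOWED = {
    "jql": ("jql", parse_text),
    "get_projects": ("projects", parse_nothing),
    "create_issue": ("issue_create", parse_issue_fields),
}

def run(client, mode, payload=""):
    """Dispatch allow-listed modes only; 'other' and unknown modes are refused."""
    if mode not in ALLOWED:
        raise ValueError(f"mode {mode!r} is not allowed")
    method_name, parse = ALLOWED[mode]
    args, kwargs = parse(payload)
    return getattr(client, method_name)(*args, **kwargs)

if __name__ == "__main__":
    client = FakeJiraClient()
    print(run(client, "get_projects"))
    print(run(client, "create_issue", '{"summary": "Rotate API token"}'))
    try:
        run(client, "other", "print('never evaluated')")
    except ValueError as err:
        print("refused:", err)
```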

This is another critical bug that is deployment breaking for many: https://nvd.nist.gov/vuln/detail/CVE-2023-34540

See: #4849 #6627

JamalRahman avatar Jun 30 '23 10:06 JamalRahman

@hwchase17

Hi. I am still getting this error in scan: https://nvd.nist.gov/vuln/detail/CVE-2023-34540 Can we reopen?

aiakubovich avatar Jul 17 '23 20:07 aiakubovich

@aiakubovich for Jira, this should be fixed in the most recent version, so updating the langchain version should remove the error

hwchase17 avatar Jul 21 '23 18:07 hwchase17

Confirming this is fixed in https://github.com/langchain-ai/langchain/pull/6992 and published in v0.0.225. Versions v0.0.225 and newer should not be affected.

You can confirm this by noting:

  • the tag for v0.0.225 is shown in the GitHub UI on the merge commit for #6992
  • the generated release notes for v0.0.225 show that #6992 was part of that release: https://github.com/langchain-ai/langchain/releases/tag/v0.0.225

@aiakubovich I'm opening a PR to the advisory database to update that CVE as fixed in v0.0.225, which should stop it from being reported on your end once your scanner tool sees the updated database entry.

If you're still seeing this problem ~next week, please give us a ping and we can dig in deeper together.

Thanks for your patience on this! We're working to make this process smoother in the future.

CVE-2023-34540

obi1kenobi avatar Aug 28 '23 20:08 obi1kenobi