{"url":"http://public2.vulnerablecode.io/api/packages/35523?format=json","purl":"pkg:pypi/numexpr@2.2.1","type":"pypi","namespace":"","name":"numexpr","version":"2.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.8.5","latest_non_vulnerable_version":"2.8.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36538?format=json","vulnerability_id":"VCID-52vp-m7t5-hqas","summary":"An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.","references":[{"reference_url":"https://github.com/langchain-ai/langchain","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langchain-ai/langchain"},{"reference_url":"https://github.com/langchain-ai/langchain/issues/8363","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/langchain-ai/langchain/issues/8363"},{"reference_url":"https://github.com/langchain-ai/langchain/pull/11302","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/langchain-ai/langchain/pull/11302"},{"reference_url":"https://github.com/langchain-ai/langchain/releases/tag/v0.0.308","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langchain-ai/langchain/releases/tag/v0.0.308"},{"reference_url":"https://github.com/pydata/numexpr/commit/4b2d89cf14e75030d27629925b9998e1e91d23c7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pydata/numexpr/commit/4b2d89cf14e75030d27629925b9998e1e91d23c7"},{"reference_url":"https://github.com/pydata/numexpr/issues/442","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/pydata/numexpr/issues/442"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-162.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-162.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/numexpr/PYSEC-2023-163.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/numexpr/PYSEC-2023-163.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39631","reference_id":"CVE-2023-39631","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39631"},{"reference_url":"https://github.com/advisories/GHSA-f73w-4m7g-ch9x","reference_id":"GHSA-f73w-4m7g-ch9x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f73w-4m7g-ch9x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35559?format=json","purl":"pkg:pypi/numexpr@2.8.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/numexpr@2.8.5"}],"aliases":["CVE-2023-39631","GHSA-f73w-4m7g-ch9x","PYSEC-2023-162","PYSEC-2023-163"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-52vp-m7t5-hqas"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/numexpr@2.2.1"}