Langroid TableChatAgent Code Injection Vulnerability
Vulnerability
A code injection vulnerability has been identified in Langroid versions prior to 0.53.15, specifically within the TableChatAgent component. This issue arises because the agent's pandas_eval() method, which evaluates expressions using pandas, can execute arbitrary code if provided with untrusted input. Such a scenario is likely in public-facing applications that utilize large language models (LLMs). The vulnerability could lead to unauthorized access to sensitive data, disruption of service, or a complete compromise of the system running the LLM application.
Impact
Exploitation of this vulnerability could allow an attacker to execute arbitrary code on the server, potentially leading to unauthorized access to sensitive data, disruption of services, or a complete compromise of the system.
Reproduction
To reproduce this vulnerability, use Langroid's TableChatAgent to evaluate a pandas expression that includes a command to be executed on the system, such as listing directory contents. This can be done by setting the 'full_eval' parameter to True, which disables input sanitization and allows untrusted expressions to be executed.
Remediation
Users can upgrade to Langroid version 0.53.15 or later, where this vulnerability has been addressed by sanitizing input to the TableChatAgent by default. Additionally, warnings about the potential risks of code execution have been added to the project documentation.
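The vulnerable pattern beside a hardened alternative, as an added example that is not Langroid's code and not the project's actual fix: unsafe_table_eval() hands the expression string to eval() unchanged, while safe_table_eval() allow-lists the AST node types, names and DataFrame attributes an expression may use before evaluating it against a constructed sample table. The function and allow-list names are assumptions; the block needs pandas and Python 3.9+.

```python
import ast
import pandas as pd

# Constructed sample table; not data from the advisory.
DF = pd.DataFrame({"item": ["a", "b", "c"], "qty": [3, 7, 1], "price": [2.0, 1.5, 9.0]})

# Vulnerable pattern: whatever the LLM produced reaches eval() unchanged,
# so any Python expression (imports, file and process access) runs here.
def unsafe_table_eval(expr: str, df: pd.DataFrame):
    return eval(expr, {}, {"df": df})

# Hypothetical allow-lists (assumptions for this example, not Langroid's).
ALLOWED_NODES = (
    ast.Expression, ast.Name, ast.Attribute, ast.Call, ast.Constant, ast.Subscript,
    ast.Slice, ast.List, ast.Tuple, ast.keyword, ast.BinOp, ast.UnaryOp, ast.Compare,
    ast.BoolOp, ast.Load, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Mod, ast.USub,
    ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE, ast.And, ast.Or, ast.Not,
    ast.BitAnd, ast.BitOr, ast.Invert,
)
ALLOWED_NAMES = {"df"}
# Read-only DataFrame members only: no I/O (to_csv, to_pickle) and nothing that
# takes a callable or a second expression string (apply, pipe, query, eval).
ALLOWED_ATTRS = {"head", "tail", "sort_values", "groupby", "sum", "mean", "max", "min",
                 "count", "describe", "loc", "iloc", "columns", "shape", "nlargest",
                 "nsmallest", "unique", "value_counts", "reset_index", "round"}

def validate_expression(expr: str) -> None:
    """Raise ValueError unless expr uses only allow-listed syntax, names and attributes."""
    tree = ast.parse(expr, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ValueError(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            raise ValueError(f"disallowed name: {node.id}")
        if isinstance(node, ast.Attribute) and node.attr not in ALLOWED_ATTRS:
            raise ValueError(f"disallowed attribute: {node.attr}")

def is_allowed(expr: str) -> bool:
    """True if the expression passes validation (syntax errors count as rejected)."""
    try:
        validate_expression(expr)
        return True
    except (ValueError, SyntaxError):
        return False

def safe_table_eval(expr: str, df: pd.DataFrame):
    """Validate first, then evaluate with no builtins and only the table bound."""
    validate_expression(expr)
    code = compile(ast.parse(expr, mode="eval"), "<table-expr>", "eval")
    return eval(code, {"__builtins__": {}}, {"df": df})
```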