Langroid LanceDocChatAgent Code Injection Vulnerability
Vulnerability
A code injection vulnerability has been identified in the Langroid Python framework, in versions prior to 0.53.15. The issue lies in the LanceDocChatAgent, which uses the pandas eval() function to process calculations from documents. Because the agent passes untrusted input to that evaluation, an attacker who can manipulate the evaluated expression can, under certain conditions, execute malicious commands and potentially compromise the host system.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the host system where Langroid is running.
Reproduction
The vulnerability can be reproduced by using the LanceDocChatAgent with untrusted input that includes malicious pandas expressions. This can be done by sending a QueryPlan.dataframe_calc message that contains harmful commands, such as those exploiting the pandas eval() function to execute arbitrary code.
Remediation
Users can upgrade to Langroid version 0.53.15 or later, which includes input sanitization for the affected function and addresses the vulnerability. Additionally, the Langroid documentation now contains warnings about the risks associated with unsanitized input.
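For deployments that build their own calculation path on top of pandas eval(), the following added example (not Langroid's code and not the sanitization shipped in 0.53.15) shows one way to allowlist an expression's syntax before it is evaluated. The function names, the length limit and the sample column names are assumptions made for the illustration.

```python
import ast

# Syntax needed for arithmetic and comparisons over columns; anything else
# (calls, attribute access, subscripts, lambdas, ...) is rejected.
_ALLOWED = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare,
    ast.Name, ast.Load, ast.Constant,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod,
    ast.USub, ast.UAdd, ast.Not, ast.Invert,
    ast.And, ast.Or, ast.BitAnd, ast.BitOr,
    ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
)
MAX_EXPR_LEN = 200  # assumed limit; also bounds parser work


def check_calc_expr(expr, columns):
    """Return expr unchanged if it uses only allowlisted syntax, else raise ValueError."""
    if len(expr) > MAX_EXPR_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, MemoryError, RecursionError):
        raise ValueError("not a plain Python expression") from None
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise ValueError(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in columns:
            raise ValueError(f"unknown name: {node.id}")
        if isinstance(node, ast.Constant) and not isinstance(node.value, (int, float)):
            raise ValueError("only numeric literals are allowed")
    return expr


def is_allowed(expr, columns):
    """Boolean wrapper around check_calc_expr for callers that only need a verdict."""
    try:
        check_calc_expr(expr, columns)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    cols = {"price", "cost", "qty"}  # constructed column names
    samples = [  # constructed inputs
        "price * qty", "(price - cost) / price > 0.2",
        "price.__class__", "open('x')", "@secret + price", "other * 2",
    ]
    for s in samples:
        print(f"{s!r}: {'allow' if is_allowed(s, cols) else 'reject'}")
```

Only an expression that check_calc_expr returns would be handed on to the DataFrame evaluation; a rejected one should be logged and dropped rather than rewritten.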
