From 4c97a10bd0d9385cfee234a63b5bd826a295e483 Mon Sep 17 00:00:00 2001
From: Haozhe <17514803+hazzel-cn@users.noreply.github.com>
Date: Fri, 29 Sep 2023 13:16:00 -0700
Subject: [PATCH] fix code injection vuln (#11233)
- **Description:** Fix a code injection vuln by adding one more keyword into the filtering list
- **Issue:** N/A
- **Dependencies:** N/A
- **Tag maintainer:**
- **Twitter handle:**
Co-authored-by: Eugene Yurtsev
---
 libs/experimental/langchain_experimental/pal_chain/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/experimental/langchain_experimental/pal_chain/base.py b/libs/experimental/langchain_experimental/pal_chain/base.py
index 275f9e9308..32ab235e09 100644
--- a/libs/experimental/langchain_experimental/pal_chain/base.py
+++ b/libs/experimental/langchain_experimental/pal_chain/base.py
@@ -20,7 +20,7 @@ from langchain_experimental.pal_chain.colored_object_prompt import COLORED_OBJEC
 from langchain_experimental.pal_chain.math_prompt import MATH_PROMPT
 from langchain_experimental.pydantic_v1 import Extra, Field
-COMMAND_EXECUTION_FUNCTIONS = ["system", "exec", "execfile", "eval"]
+COMMAND_EXECUTION_FUNCTIONS = ["system", "exec", "execfile", "eval", "__import__"]
 class PALValidation:
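Review bot: `COMMAND_EXECUTION_FUNCTIONS` is still a name-by-name denylist, so this check stays only as strong as the list is complete, and a denylist over model-generated Python cannot practically be complete. The code that consults the list lives in `PALValidation` and the chain below the hunk, so how names are matched is not visible here. If it compares call or attribute names, it would be safer to validate the parsed AST against an allowlist of permitted node types and callables, and to run the generated code in an isolated, unprivileged sandbox regardless. At minimum, document the limit at the constant, e.g. `# Best-effort denylist, not a security boundary; generated code must still run sandboxed.` The commit touches one file only, so a regression test asserting that generated code containing `__import__` is rejected would keep this entry from being dropped later.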