Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2024-23752
HistoryJan 22, 2024 - 12:00 a.m.

CVE-2024-23752

2024-01-2200:00:00
mitre
www.cve.org
4
pandasai
synthetic_dataframe
python code execution
sdfcodeexecutor
cve-2024-23752

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

75.2%

JSON

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.

Related

osv 3
github 2
nvd 2
prion 2
cve 2
cvelist 1
veracode 2
osv
osv
Code execution in pandasai
2024-01-22 03:30:26
pandasai vulnerable to prompt injection
2023-08-21 18:31:23
CVE-2023-39660
2023-08-21 17:15:48
github
github
Code execution in pandasai
2024-01-22 03:30:26
pandasai vulnerable to prompt injection
2023-08-21 18:31:23
nvd
nvd
CVE-2024-23752
2024-01-22 01:15:08
CVE-2023-39660
2023-08-21 17:15:48
prion
prion
Design/Logic Flaw
2024-01-22 01:15:00
Design/Logic Flaw
2023-08-21 17:15:00
cve
cve
CVE-2024-23752
2024-01-22 01:15:08
CVE-2023-39660
2023-08-21 17:15:48
cvelist
cvelist
CVE-2023-39660
2023-08-21 00:00:00
veracode
veracode
Arbitrary Code Execution
2023-08-22 11:18:58
Code Injection
2024-01-23 09:34:35

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

75.2%

JSON
Related for CVELIST:CVE-2024-23752
osv3github2nvd2prion2cve2cvelist1veracode2