Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:43 a.m.7 views

CVE-2024-23752

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

9.8CVSS7.3AI score0.01267EPSS
Exploits2References1
OSV
OSV
added 2024/01/22 3:30 a.m.20 views

GHSA-5G73-69P4-7GVX Code execution in pandasai

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

9.8CVSS9.4AI score0.01006EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/01/22 3:30 a.m.30 views

Code execution in pandasai

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

9.8CVSS7.2AI score0.01006EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2024/01/22 1:15 a.m.22 views

Design/Logic Flaw

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

7.5CVSS7.5AI score0.01267EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/22 12:0 a.m.5 views

CVE-2024-23752

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

7.7AI score0.01006EPSS
Exploits1References1
Circl
Circl
added 2023/08/21 8:41 p.m.7 views

CVE-2023-39660

creationtimestamp| type| source ---|---|--- 2023-08-21 20:41:09+00:00| seen| https://t.me/cibsecurity/68894...

9.8CVSS8.7AI score0.01267EPSS
Exploits1References1
OSV
OSV
added 2023/08/21 5:15 p.m.18 views

CVE-2023-39660

An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function...

9.8CVSS8.1AI score
Exploits0References2
CVE
CVE
added 2023/08/21 12:0 a.m.73 views

CVE-2023-39660

The core issue affects PandasAI (pandas-ai) up to version 1.5.17, where GenerateSDFPipeline via SDFCodeExecutor can cause arbitrary Python code execution. An attacker can craft a dataframe that encodes the Python payload in natural language, which is then executed by SDFCodeExecutor. This vulnera...

9.8CVSS9.4AI score0.01267EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder