16 matches found
PYSEC-2026-448 PandasAI interactive prompt function Remote Code Execution (RCE)
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...
PandasAI 代码注入漏洞
PandasAI is a Python library that integrates artificial intelligence functions into pandas, making data frames interactive. Versions of PandasAI 3.0.0 and earlier contained a code injection vulnerability, which was caused by incorrect operations on the CodeExecutor.execute function, potentially...
EUVD-2023-2372
Malicious code in bioql PyPI...
CVE-2024-12366
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM...
date-a-scientist (>=0.1.18 <=0.1.19) potentially affected by CVE-2024-12366 via pandasai (=2.3.0)
pandasai PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on pandasai and may be impacted: - date-a-scientist =0.1.18, =0.1.19 Source cves: CVE-2024-12366 Source advisory: SNYK:PYTHON-PANDASAI-8715593...
Arbitrary Code Injection
Overview pandasai is a Pandas AI is a Python library that integrates generative artificial intelligence capabilities into Pandas, making dataframes conversational. Affected versions of this package are vulnerable to Arbitrary Code Injection through the interactive prompt function. An attacker wit...
date-a-scientist (>=0.1.0 <=0.1.19), exposeq (>=4.0.7 <=4.6.1) +3 more potentially affected by CVE-2024-12366 via pandasai (>=1.3.3 <=2.4.2)
pandasai PYPI version =1.3.3, =0.1.0, =4.0.7, =0.0.0, =0.0.3 Source cves: CVE-2024-12366 Source advisory: OSV:GHSA-VV2H-2W3Q-3FX7...
GHSA-VV2H-2W3Q-3FX7 PandasAI interactive prompt function Remote Code Execution (RCE)
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...
PandasAI interactive prompt function Remote Code Execution (RCE)
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...
CVE-2024-12366
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM...
CVE-2024-12366 CVE-2024-12366
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM...
CVE-2024-12366
CVE-2024-12366 affects PandasAI: its interactive prompt function is vulnerable to prompt injection, allowing an attacker to instruct the LLM to generate and execute arbitrary Python code within the process, causing Remote Code Execution (RCE) and potential system compromise or pivoting to connect...
CVE-2024-12366 CVE-2024-12366
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM...
PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)
Overview PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, potentially achieving arbitrary code execution. In response, SinaptikAI has implemented...
PandasAI Command Injection Vulnerability
PandasAI is a data processing application that combines Pandas, a data manipulation and analysis library, with AI, allowing users to interact with data through natural language without having to write complex code. PandasAI has a command injection vulnerability that can be exploited by an attacke...
CVE-2024-23752
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...