GHSA-5G73-69P4-7GVX Code execution in pandasai

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

PT-2024-20058 · Pandasai · Pandasai

Name of the Vulnerable Software and Affected Versions: PandasAI aka pandas-ai versions 1.5.17 and earlier Description: The issue allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English...