5 matches found
CVE-2024-12366
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM...
date-a-scientist (>=0.1.0 <=0.1.19), exposeq (>=4.0.7 <=4.6.1) +3 more potentially affected by CVE-2024-12366 via pandasai (>=1.3.3 <=2.4.2)
pandasai PYPI version =1.3.3, =0.1.0, =4.0.7, =0.0.0, =0.0.3 Source cves: CVE-2024-12366 Source advisory: OSV:GHSA-VV2H-2W3Q-3FX7...
CVE-2024-12366
CVE-2024-12366 affects PandasAI: its interactive prompt function is vulnerable to prompt injection, allowing an attacker to instruct the LLM to generate and execute arbitrary Python code within the process, causing Remote Code Execution (RCE) and potential system compromise or pivoting to connect...
CVE-2024-12366 CVE-2024-12366
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM...
CVE-2024-12366 CVE-2024-12366
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM...