6 matches found
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 CVSS score: 8.1, relates to a case of prompt injection...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.1.4) potentially affected by CVE-2024-5565 via vanna (>=0.0.30 <=0.0.36)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =0.1.4 Source cves: CVE-2024-5565 Source advisory: OSV:GHSA-7735-W2JP-GVG6...
CVE-2024-5565
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
CVE-2024-5565
CVE-2024-5565 concerns the Vanna.AI library (Python) where prompt injection in the library’s ask API, with visualize set to True, can execute arbitrary Python code on the host, enabling remote code execution. The vulnerability arises from insufficient input validation in the prompt generation tha...