Lucene search
K

6 matches found

The Hacker News
The Hacker News
added 2024/06/27 10:4 a.m.39 views

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 CVSS score: 8.1, relates to a case of prompt injection...

8.1CVSS8.6AI score0.14956EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/05/31 3:30 p.m.6 views

cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.1.4) potentially affected by CVE-2024-5565 via vanna (>=0.0.30 <=0.0.36)

vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =0.1.4 Source cves: CVE-2024-5565 Source advisory: OSV:GHSA-7735-W2JP-GVG6...

8.1CVSS7.4AI score0.14956EPSS
Exploits0
NVD
NVD
added 2024/05/31 3:15 p.m.21 views

CVE-2024-5565

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

8.1CVSS8.6AI score0.14956EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/31 2:24 p.m.17 views

CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

8.1CVSS8AI score0.14956EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/31 2:24 p.m.97 views

CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

8.1CVSS8.6AI score0.14956EPSS
Exploits0References1
CVE
CVE
added 2024/05/31 2:24 p.m.68 views

CVE-2024-5565

CVE-2024-5565 concerns the Vanna.AI library (Python) where prompt injection in the library’s ask API, with visualize set to True, can execute arbitrary Python code on the host, enabling remote code execution. The vulnerability arises from insufficient input validation in the prompt generation tha...

8.1CVSS8.5AI score0.14956EPSS
Exploits0References1
Rows per page
Query Builder