3 matches found
CVE-2024-6841
A Cross-Site Request Forgery CSRF vulnerability exists in the latest commit 56b782bcefd2e59b19cd7ba7878b95f54884f502 of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF...
CVE-2024-6841
The CVE-2024-6841 CSRF vulnerability affects the vanna-ai/vanna repository’s built‑in web app with two GET endpoints that execute SQL. Root cause: requests can trigger arbitrary SQL commands via CSRF without requiring authentication, enabling data alteration or deletion (read access not possible)...
CVE-2024-6841 CSRF in vanna-ai/vanna
A Cross-Site Request Forgery CSRF vulnerability exists in the latest commit 56b782bcefd2e59b19cd7ba7878b95f54884f502 of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF...