4 matches found
PYSEC-2026-446 Code execution in pandasai
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
Code Injection
pandasai is vulnerable to Code Injection. The vulnerability due improper prompt sanitization within the syntheticdataframe function located in the GenerateSDFPipeline component. It allows an attacker to execute arbitrary Python code by the SDFCodeExecutor...
CVE-2024-23752
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
PT-2024-20058
Name of the Vulnerable Software and Affected Versions PandasAI aka pandas-ai versions 1.5.17 and earlier Description The issue allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English...