978 matches found
Code Injection
pandasai is vulnerable to Code Injection. The vulnerability due improper prompt sanitization within the syntheticdataframe function located in the GenerateSDFPipeline component. It allows an attacker to execute arbitrary Python code by the SDFCodeExecutor...
Code execution in pandasai
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
GHSA-5G73-69P4-7GVX Code execution in pandasai
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
CVE-2024-23752
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
CVE-2024-23752
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
PandasAI Security Vulnerabilities
PandasAI is a Python library that integrates generative AI functionality into pandas to make dataframes conversational. A security vulnerability exists in PandasAI 1.5.17 and earlier versions, which stems from a vulnerability that allows an attacker to trigger the generation of arbitrary Python...
CVE-2024-23752
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
CVE-2024-23752
Summary: CVE-2024-23752 affects PandasAI (pandas-ai) up to v1.5.17. The vulnerability resides in GenerateSDFPipeline within synthetic_dataframe, where an English-language specification can cause SDFCodeExecutor to run arbitrary Python code. This leads to possible arbitrary code execution with hig...
CVE-2023-48699 fastbots Eval Injection vulnerability
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model POM design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability ...
Eval Injection in fastbots
Impact An attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function def locatorself, locatorname: str in page.py. The vulnerable code that load and execute directly from the file...
GHSA-VCCG-F4GP-45X9 Eval Injection in fastbots
Impact An attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function def locatorself, locatorname: str in page.py. The vulnerable code that load and execute directly from the file...
Elementor Website Builder < 3.12.2 SQL injection Exploit
Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability. EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code :...
Elementor Website Builder SQL Injection
EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code : http://localhost:8080/?test',metakey='key4'where+metaid=SLEEP2; Press "Replace URL" on the Replace URL page. Burp Suit...
Code injection
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965...
Remote Code Execution (RCE)
transmute-core is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe YAML deserialization which allows a remote attacker to execute arbitrary Python code by deserializing arbitrary YAML...
transmute-core unsafe YAML deserialization vulnerability
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...
GHSA-W9CP-3X79-2P8P transmute-core unsafe YAML deserialization vulnerability
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...
CVE-2023-47204
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...
CVE-2023-47204
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...
PYSEC-2023-223
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...