10 matches found
EUVD-2024-2388
Malicious code in bioql PyPI...
CVE-2024-8055
Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the PUT and COPY commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as /etc/passwd, by exploiting the exposed SQL queries...
CVE-2024-8055 Local File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vanna
Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the PUT and COPY commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as /etc/passwd, by exploiting the exposed SQL queries...
CVE-2024-5753
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pgreadfile. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
GHSA-MWXM-35F8-6VG2 Vanna vulnerable to SQL Injection
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pgreadfile. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
Vanna vulnerable to SQL Injection
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pgreadfile. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
CVE-2024-5753
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pgreadfile. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
CVE-2024-5753 Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pgreadfile. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
CVE-2024-5753 Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pgreadfile. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
Vanna Information Disclosure Vulnerability
Vanna is a personalized AI SQL agent from Vanna. An information disclosure vulnerability exists in v0.3.4 of vanna, which stems from the vulnerability of certain file-related functions to SQL injection attacks. An unauthenticated, remote attacker exploiting this vulnerability could read arbitrary...