CVE-2024-5753
CVE-2024-5753 is a SQL injection in vanna-ai/vanna v0.3.4 that involves file-critical functions (notably pg_read_file()) and is exposed via the Python Flask API. It allows unauthenticated remote attackers to read arbitrary local files on the server (e.g., /etc/passwd). Root cause is an injectable SQL quer...