Lucene search
Veracode Vulnerability DatabaseVERACODE:42885HistoryAug 22, 2023 - 11:18 a.m.
Arbitrary Code Execution
2023-08-2211:18:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
pandasai
arbitrary code execution
security checks
malicious code
prompt injection
__init__.py
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.004
Percentile
75.2%
pandasai is vulnerable to Arbitrary Code Execution. The vulnerability exists in clean_code function at __init__.py due to lack of security checks which allows an attacker to inject and execute malicious code, resulting in prompt injection.
Related
cvelist
cvelist
CVE-2023-39660
2023-08-21 00:00:00
CVE-2024-23752
2024-01-22 00:00:00
github
github
pandasai vulnerable to prompt injection
2023-08-21 18:31:23
Code execution in pandasai
2024-01-22 03:30:26
prion
prion
Design/Logic Flaw
2023-08-21 17:15:00
Design/Logic Flaw
2024-01-22 01:15:00
osv
osv
pandasai vulnerable to prompt injection
2023-08-21 18:31:23
CVE-2023-39660
2023-08-21 17:15:48
Code execution in pandasai
2024-01-22 03:30:26
nvd
nvd
CVE-2023-39660
2023-08-21 17:15:48
CVE-2024-23752
2024-01-22 01:15:08
cve
cve
CVE-2023-39660
2023-08-21 17:15:48
CVE-2024-23752
2024-01-22 01:15:08
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.004
Percentile
75.2%
Related for VERACODE:42885