Description

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM.

INFO

Published Date :

2025-02-11T12:42:11.882Z

Last Modified :

2025-02-11T19:28:21.551Z

Source :

certcc
AFFECTED PRODUCTS

The following products are affected by CVE-2024-12366 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12366.

URL Resource
https://docs.getpanda.ai/v3/privacy-security cve-icon cve-icon
https://docs.pandas-ai.com/advanced-security-agent cve-icon cve-icon
https://www.kb.cert.org/vuls/id/148244 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact