- Description
- PandasAI uses an interactive prompt function that is vulnerable to prompt injection: an injected prompt can make it run arbitrary Python code, which can lead to Remote Code Execution (RCE), instead of returning the intended explanation of the natural language processing by the LLM.
- Source
- cret@cert.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
🚨 CVE-2024-12366 ❓ 🏢 Sinaptik AI - PandasAI 🏗️ 2.4.0 🔗 https://t.co/7jalBNunTD 🔗 https://t.co/OCp1lXsiEM #CyberCron #VulnAlert https://t.co/tKyU2tENSg
@cybercronai
11 Feb 2025
CVE-2024-12366 PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead… https://t.co/Cl8QcXMd8o
@CVEnew
11 Feb 2025