CVE-2024-5826

Advisory

In affected versions, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the `exec` function in `src/vanna/base/base.py`. This vulnerability can be exploited by an attacker to achieve remote code execution on the app backend server, potentially gaining full control of the server.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://huntr.com/bounties/90620087-44ac-4e43-b659-3c5d30889369
• https://github.com/advisories/GHSA-rrqq-fv6m-692m
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5826