Product Research Enterprise Plans Docs

PyPi: Pandasai

PVE-2024-73379

Safety vulnerability ID: 73379

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 25, 2024 Updated at Nov 20, 2024

Advisory

Affected versions of PandasAI are vulnerable to an Incomplete List of Disallowed Inputs (…

[This advisory has been limited. Please create a free account to view the full advisory.]

Affected package

pandasai

Latest version: 2.4.0

Chat with your database (SQL, CSV, pandas, polars, mongodb, noSQL, etc). PandasAI makes data analysis conversational using LLMs (GPT 3.5 / 4, Anthropic, VertexAI) and RAG.

Affected versions

Fixed versions

Vulnerability changelog

What's Changed * Improve query safety by using regex for keyword detection and fix exclu…

[This text has been limited. Please create a free account to view the full text.]

Resources

https://github.com/Sinaptik-AI/pandas-ai/commit/e15281b46d9bf930d25be120ce7fe17cd5b798dd
https://pypi.org/project/pandasai
https://data.safetycli.com/changelogs/pandasai/