Skip to content

vanna vulnerable to remote code execution caused by prompt injection

Critical severity GitHub Reviewed Published Jun 27, 2024 to the GitHub Advisory Database • Updated Jun 28, 2024

Package

pip vanna (pip)

Affected versions

<= 0.6.2

Patched versions

None

Description

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in src/vanna/base/base.py. This vulnerability can be exploited by an attacker to achieve remote code execution on the app backend server, potentially gaining full control of the server.

References

Published by the National Vulnerability Database Jun 27, 2024
Published to the GitHub Advisory Database Jun 27, 2024
Reviewed Jun 28, 2024
Last updated Jun 28, 2024

Severity

Critical
9.8
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CVE ID

CVE-2024-5826

GHSA ID

GHSA-rrqq-fv6m-692m

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.