PyPI: pandasai
CVE-2024-12366
Safety vulnerability ID: SFTY-20250211-67008
Safety legacy ID: pyup.io-76338
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI (2.4.3 and earlier) fail to distinguish between legitimate and malicious inputs, allowing the attackers to manipulate the system into executing untrusted code, leading to untrusted code execution (RCE), system compromise, or pivoting attacks on connected services.
Overview
PandasAI interactive prompt function Remote Code Execution (RCE)
Advisory
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI (2.4.3 and earlier) fail to distinguish between legitimate and malicious inputs, allowing the attackers to manipulate the system into executing untrusted code, leading to untrusted code execution (RCE), system compromise, or pivoting attacks on connected services.
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20250211-67008/CVE-2024-12366
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12366
- https://github.com/advisories/GHSA-vv2h-2w3q-3fx7
- https://nvd.nist.gov/vuln/detail/CVE-2024-12366
- https://docs.getpanda.ai/v3/privacy-security
- https://docs.pandas-ai.com/advanced-security-agent
- https://www.kb.cert.org/vuls/id/148244
- https://github.com/advisories/GHSA-vv2h-2w3q-3fx7
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more