
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

22 Jan 2024 — GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English-language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660. • https://github.com/gventuri/pandas-ai/issues/868 • CWE-862: Missing Authorization

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Aug 2023 — An issue in Gabriele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. • https://github.com/gventuri/pandas-ai/issues/399 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

15 Aug 2023 — An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. • https://github.com/gventuri/pandas-ai/issues/410 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')