GHSA-5g73-69p4-7gvx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5g73-69p4-7gvx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-5g73-69p4-7gvx/GHSA-5g73-69p4-7gvx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5g73-69p4-7gvx
- Aliases
- Published
- 2024-01-22T03:30:26Z
- Modified
- 2024-02-16T08:13:05.229483Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Code execution in pandasai
- Details
-
GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.
- Database specific
{ "github_reviewed": true, "nvd_published_at": "2024-01-22T01:15:08Z", "github_reviewed_at": "2024-01-22T21:28:23Z", "severity": "CRITICAL", "cwe_ids": [ "CWE-862", "CWE-94" ] }- References
Affected packages
PyPI / pandasai
Package
- Name
- pandasai
- View open source insights on deps.dev
- Purl
- pkg:pypi/pandasai
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected1.5.17
Affected versions
0.*
0.0.1
0.0.2
0.0.3
0.1.0
0.1.1
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.2.13
0.2.14
0.2.15
0.2.16
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.6.10
0.6.11
0.6.12
0.7.0
0.7.1
0.7.2
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
1.*
1.0a1
1.0a2
1.0b1
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.1
1.1.1
1.1.2
1.1.3
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.10
1.3b1
1.3b2
1.3
1.3.1
1.3.2
1.3.3
1.4
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.5.0a1
1.5a2
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15a0
1.5.15
1.5.16
1.5.17