CVE-2023-39660
CRITICALpandasai < 0.8.0 - Remote Code Execution via Prompt Function
Title source: llmDescription
An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Patch
https://github.com/gventuri/pandas-ai/issues/399
Issue Tracking, Patch
https://github.com/gventuri/pandas-ai/pull/409
Scores
CVSS v3
9.8
EPSS
0.0127
EPSS Percentile
66.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (2)
gabrieleventuri/pandasai
< 0.8.0
pypi/pandasai
0 - 0.8.1PyPI
Published
Aug 21, 2023
Tracked Since
Feb 18, 2026