CVE-2024-23752 | PandasAI up to 1.5.17 Python Code synthetic_dataframe code injection (Issue 868)

Posted by Angelo Barbosa | Jan 22, 2024 | CVE

A vulnerability has been found in PandasAI up to 1.5.17 and classified as critical. This vulnerability affects the function synthetic_dataframe of the component Python Code Handler. The manipulation leads to code injection.

This vulnerability was named CVE-2024-23752. The attack can only be initiated within the local network. There is no exploit available.

CVE-2024-23752 | PandasAI up to 1.5.17 Python Code synthetic_dataframe code injection (Issue 868)

Related Posts

CVE-2024-0667 | Form-Maker Plugin up to 1.15.21 on WordPress cross-site request forgery

CVE-2023-51577 | Voltronic Power ViewPower Pro setShutdown Local Privilege Escalation (ZDI-23-1883)

CVE-2023-6536 | Linux Kernel NVMe Driver __nvmet_req_complete null pointer dereference

CVE-2024-41465 | Tenda FH1201 1.2.0.14 ip/goform/setcfm funcpara1 stack-based overflow