CVE-2024-5565

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published May 31, 2024

Updated: Jul 3, 2024

CWE ID 94

Summary

CVE-2024-5565 is a vulnerability affecting the Vanna library. This issue arises due to an injection flaw in the prompt function, which allows attackers to manipulate the prompt and run arbitrary Python code in place of intended visualization code. By inputting malicious code when the "ask" method is called with "visualize" set to its default value of True, attackers can achieve remote code execution.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wNVhrJ
https://www.cve.org/CVERecord?id=CVE-2024-5565
https://nvd.nist.gov/vuln/detail/CVE-2024-5565

Back to Vulnerability Database

CVE-2024-5565

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations