CVE-2024-12366

CVSS 9.8 (Critical) · EPSS 1.2%
Vexday Risk Score: 28 (Low)
SSVC decision (CISA): Track (no exploitation signal, monitor)
KEV: no
Lifecycle: published on NVD 11 Feb 2025
Recommendation: Monitor — no exploitation signal at the moment.
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, which can lead to Remote Code Execution (RCE), instead of producing the intended natural-language explanation from the LLM.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Sinaptik AI · PandasAI