CVE-2024-5565

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-94
View all →

Vulnerability Description

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with "visualize" set to True (default behavior) leads to remote code execution.

Related Vulnerabilities

CVE-2009-2529

HIGH
CVSS:8.1(High)

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted H...

CWE-942009

CVE-2010-0248

HIGH
CVSS:8.1(High)

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly init...

CWE-942010

CVE-2010-0492

HIGH
CVSS:8.1(High)

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and des...

CWE-942010

CVE-2012-1879

HIGH
CVSS:8.1(High)

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "i...

CWE-942012

CVE-2013-0810

HIGH
CVSS:8.1(High)

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, ak...

CWE-942013

CVE-2013-2115

HIGH
CVSS:8.1(High)

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A...

CWE-942013