CVE-2024-12366
📋 TL;DR
CVE-2024-12366 is a critical prompt injection vulnerability in PandasAI that allows attackers to execute arbitrary Python code through malicious prompts, leading to remote code execution. This affects any system using vulnerable versions of PandasAI with the interactive prompt function enabled.
💻 Affected Systems
- PandasAI
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the server, data exfiltration, lateral movement, and persistent backdoor installation.
Likely Case
Unauthorized data access, system manipulation, and potential privilege escalation through code execution in the application context.
If Mitigated
Limited impact with proper input validation and sandboxing, potentially only affecting the current user session.
🎯 Exploit Status
Exploitation requires access to the prompt interface but no authentication if the interface is publicly exposed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://docs.pandas-ai.com/advanced-security-agent
Restart Required: Yes
Instructions:
1. Check current PandasAI version. 2. Update to the latest patched version via pip: pip install --upgrade pandas-ai. 3. Restart all services using PandasAI. 4. Verify the update was successful.
🔧 Temporary Workarounds
Disable Interactive Prompts
allTemporarily disable the vulnerable interactive prompt function until patching is complete.
Configure application to disable interactive_prompt=True or similar settings
Implement Input Validation
allAdd strict input validation and sanitization for all user prompts.
Implement regex filtering for Python code patterns in prompts
Use allowlists for acceptable prompt formats
🧯 If You Can't Patch
- Isolate the vulnerable system in a restricted network segment with no internet access
- Implement strict WAF rules to block suspicious prompt patterns containing Python code
🔍 How to Verify
Check if Vulnerable:
Check if PandasAI version is below the patched version and if interactive prompt features are enabled.Check Version:
python -c "import pandasai; print(pandasai.__version__)"Verify Fix Applied:
Verify PandasAI version is at or above the patched version and test that prompt injection attempts no longer execute code.📡 Detection & Monitoring
Log Indicators:
- Unusual Python code execution in application logs
- Error messages related to prompt processing failures
- Suspicious import statements in user prompts
Network Indicators:
- Unexpected outbound connections from the application server
- Unusual data exfiltration patterns
SIEM Query:
source="application.log" AND ("python -c" OR "import os" OR "subprocess" OR "eval(") AND "pandasai"