| عنوان | premsql v0.2.1 Code Injection |
|---|
| الوصف | A Remote Code Execution (RCE) vulnerability exists in the premsql library due to the unsafe usage of eval() on language model outputs. An attacker can use prompt injection to force the LLM to output malicious Python code, which is then executed by the server.
```python
try:
result = self.generator.generate(
data_blob={"prompt": prompt},
temperature=temperature,
max_new_tokens=max_new_tokens,
postprocess=False,
)
# VULNERABILITY HERE:
result = eval(result.replace("null", "None"))
error_from_model = None
assert "alternate_decision" in result
assert "suggestion" in result
```
The `result` variable contains the raw string output from the LLM. The application attempts to parse this as a Python dictionary using `eval()`. However, if the LLM output is manipulated to contain valid Python commands (e.g., `__import__('os').system('calc')`), `eval()` will execute them. |
|---|
| المصدر | ⚠️ https://github.com/Ka7arotto/cve/blob/main/premsql-rce/issue.md |
|---|
| المستخدم | Goku (UID 80486) |
|---|
| ارسال | 21/03/2026 02:50 AM (25 أيام منذ) |
|---|
| الاعتدال | 05/04/2026 07:12 AM (15 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 355388 [premAI-io premsql حتى 0.2.1 followup.py eval result تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|