Submeter #771215: vanna-ai Vanna 2.0.2 SQL Injection (CWE-89)informação

Título	vanna-ai Vanna 2.0.2 SQL Injection (CWE-89)
Descrição	# Technical Details A Direct SQL Injection vulnerability exists in the `update_sql` and `run_sql` endpoints in `src/vanna/legacy/flask/__init__.py` of Vanna. The `/api/v0/update_sql` endpoint accepts arbitrary SQL from the request body and stores it in the shared cache with zero validation. An attacker then calls `/api/v0/run_sql` with the same cache ID, which reads the cached SQL and executes it directly against the connected database — completely bypassing the `is_sql_valid()` check that only exists in the `generate_sql` endpoint. # Vulnerable Code File: src/vanna/legacy/flask/__init__.py (line 604-648) Method: update_sql endpoint Why: The endpoint stores attacker-supplied SQL in the cache without any validation: `self.cache.set(id=id, field="sql", value=sql)`. The `run_sql` endpoint (line 499-552) then executes this cached SQL via `vn.run_sql(sql=sql)` with zero re-validation. The `is_sql_valid()` check only exists in `generate_sql`, not in `update_sql`. # Reproduction 1. Start Vanna server with any database backend (default NoAuth configuration) 2. Get a valid cache ID: curl 'http://127.0.0.1:8084/api/v0/generate_sql?question=how+many+customers' 3. Overwrite cached SQL: curl -X POST 'http://127.0.0.1:8084/api/v0/update_sql' -H 'Content-Type: application/json' -d '{"id":"<cache_id>","sql":"SELECT service_name, api_key, secret_key FROM api_credentials"}' 4. Execute injected SQL: curl 'http://127.0.0.1:8084/api/v0/run_sql?id=<cache_id>' — returns stolen credentials # Impact - Arbitrary SQL execution on any connected database (all backends) - Data exfiltration (SELECT from any table including credentials) - Data destruction (DROP TABLE, DELETE, TRUNCATE) - On PostgreSQL: file read via pg_read_file(), RCE via COPY TO PROGRAM - On MSSQL: RCE via EXEC xp_cmdshell - 100% deterministic — no LLM manipulation needed, only 2 HTTP requests
Fonte	⚠️ https://gist.github.com/YLChen-007/48b86c2365e5ebf6923d5f14491b4329
Utilizador	Eric-y (UID 95889)
Submissão	04/03/2026 08h49 (há 2 meses)
Moderação	15/03/2026 19h45 (11 days later)
Estado	Aceite
Entrada VulDB	351153 [vanna-ai vanna até 2.0.2 Endpoint __init__.py update_sql Injeção SQL]
Pontos	20

◂ Voltar Visão Geral Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!