Submeter #773905: vanna.ai vanna 2.0.2 Remote command executioninformação

Títulovanna.ai vanna 2.0.2 Remote command execution
Descrição Because **user input is controllable**, and LLM output is also affected by prompt injection, attackers can construct malicious prompts to induce the model to insert arbitrary Python statements (e.g., importing `os`/`subprocess` and executing system commands) into the "Plotly code". If this code is executed by `exec()`, it could result in **arbitrary command execution (RCE)** on the host machine.
Fonte⚠️ https://github.com/Ka7arotto/cve/blob/main/vanna-rce.md
Utilizador
 Goku (UID 80486)
Submissão06/03/2026 12h46 (há 3 meses)
Moderação20/03/2026 15h28 (14 days later)
EstadoAceite
Entrada VulDB352077 [vanna-ai vanna até 2.0.2 /src/vanna/legacy exec Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!