{"data":{"id":"116efa2e-505f-4124-bd11-fb3494a477ab","title":"CVE-2024-12366: PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that c","summary":"PandasAI contains a vulnerability where its interactive prompt function can be exploited through prompt injection (tricking the AI by hiding instructions in its input). The function is meant only to return explanations from the language model, but an injected prompt lets an attacker run arbitrary Python code and achieve RCE (remote code execution, where an attacker can run commands on a system they don't own).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-12366","publishedAt":"2025-02-11T13:15:29.193Z","cveId":"CVE-2024-12366","cweIds":null,"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["PandasAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01216,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}