
Kai Greshake

Researcher from NVIDIA AI Red Team
#24569 of 53,635
9.8 Total CVSS
Vulnerabilities · 1
PT-2025-6211
9.8
2025-02-11
Pandasai · Pandasai · CVE-2024-12366
Name of the Vulnerable Software and Affected Versions: PandasAI versions 2.4.3 and earlier

Description: PandasAI exposes an interactive prompt function that is vulnerable to prompt injection, allowing the execution of arbitrary Python code. Instead of returning the natural-language explanation the LLM is intended to produce, the function can be driven to Remote Code Execution (RCE). PandasAI's security controls fail to distinguish legitimate inputs from malicious ones, so an attacker can manipulate the system into executing untrusted code. This can result in compromise of the host system or pivoting attacks on connected services.

Recommendations: For PandasAI versions 2.4.3 and earlier, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the interactive prompt function until a patch is available. Restrict access to the affected prompt feature to minimize the risk of exploitation, and avoid using the interactive prompt function with untrusted inputs until the issue is resolved.