PT-2024-36568 · Unknown · Vanna Library

Natan Nehorai · Published 2024-05-31 · Updated 2024-11-25

CVE-2024-5565 · CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Vanna library (affected versions not specified)

Description: The Vanna library is affected by a remote code execution issue caused by prompt injection. An attacker can alter the prompt used to generate the visualization of query results and thereby run arbitrary Python code. The issue arises when externally supplied input reaches the library's ask method with visualize set to True, which is the default. This vulnerability has reportedly been exploited in the wild.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Code Injection
Command Injection

Related Identifiers

CVE-2024-5565
GHSA-7735-W2JP-GVG6

Affected Products

Vanna Library