PT-2025-12168 · Vanna · Vanna

Published 2025-03-20 · Updated 2025-03-20 · CVE-2024-6841

CVSS v3.1 6.5 Medium

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: vanna-ai/vanna (affected versions not specified)
Description: A Cross-Site Request Forgery (CSRF) issue exists in the vanna-ai/vanna repository. Two endpoints of the built-in web app that execute SQL are implemented as simple GET requests with no anti-CSRF protection, so any web page the user visits can trigger them: the victim's own browser issues the request (for example from an image tag or a link on a malicious page that points at the locally running app), which is why the attack works even though the user never intended to expose the web app to the network or to other users. An attacker can therefore execute arbitrary SQL statements against the connected database. Because the response is delivered to the victim's browser rather than to the attacker, the impact is limited to data alteration or deletion; the attacker cannot read the results of the query (hence C:N, I:H in the vector).
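The following is an added example, not code from the vanna project or from the advisory. It models the pattern described above (a SQL-executing endpoint reachable by a plain GET, hence forgeable from any site) beside a hardened form that accepts only same-origin POST requests carrying a CSRF token, and runs both against a constructed in-memory SQLite table so the integrity impact is visible. The path `/api/v0/run_sql`, the `sql` parameter, the origin `http://localhost:8084`, the `Request` shape and the token scheme are all assumptions; the page does not name the real endpoints.

```python
# Added example, not vanna project code. Endpoint path, parameter name,
# app origin and token scheme are assumptions for illustration only.
import hmac
import secrets
import sqlite3
from dataclasses import dataclass, field
from urllib.parse import urlsplit

APP_ORIGIN = "http://localhost:8084"   # assumed local bind address of the web app
SQL_PATH = "/api/v0/run_sql"           # hypothetical endpoint name


@dataclass
class Request:
    """Only the parts of an HTTP request the handlers below look at."""
    method: str
    path: str
    query: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def new_db():
    """Constructed sample database standing in for the user's real data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers(name) VALUES (?)", [("alice",), ("bob",)])
    db.commit()
    return db


def row_count(db):
    return db.execute("SELECT COUNT(*) FROM customers").fetchone()[0]


# Vulnerable shape: state-changing SQL behind GET, no origin or token check.
def vulnerable_run_sql(db, req):
    if req.path != SQL_PATH:
        return 404, "not found"
    db.execute(req.query["sql"])   # runs whatever the URL carried
    db.commit()
    return 200, "ok"               # body reaches the victim's browser, not the attacker


# Hardened shape: POST only, same-origin only, per-session CSRF token.
class HardenedApp:
    def __init__(self, db):
        self.db = db
        self.csrf_token = secrets.token_urlsafe(32)  # assumed: issued to the app's own page

    def run_sql(self, req):
        if req.path != SQL_PATH:
            return 404, "not found"
        if req.method != "POST":
            return 405, "state-changing SQL is POST only"
        # Browsers set Sec-Fetch-Site on every request; anything cross-site is refused.
        if req.headers.get("Sec-Fetch-Site", "same-origin") not in ("same-origin", "none"):
            return 403, "cross-site request rejected"
        # Origin (Referer as fallback) must match scheme and host:port exactly,
        # compared as a parsed origin so a prefix like localhost:8084.evil.test fails.
        src = req.headers.get("Origin") or req.headers.get("Referer")
        if src is None:
            return 403, "missing Origin/Referer"
        u = urlsplit(src)
        if f"{u.scheme}://{u.netloc}" != APP_ORIGIN:
            return 403, "origin mismatch"
        if not hmac.compare_digest(req.form.get("csrf_token", ""), self.csrf_token):
            return 403, "bad CSRF token"
        self.db.execute(req.form["sql"])
        self.db.commit()
        return 200, "ok"


# Constructed request: what the victim's browser sends when an attacker page embeds
# <img src="http://localhost:8084/api/v0/run_sql?sql=DELETE+FROM+customers">
def cross_site_get():
    return Request("GET", SQL_PATH, query={"sql": "DELETE FROM customers"},
                   headers={"Referer": "https://attacker.example/",
                            "Sec-Fetch-Site": "cross-site"})


# Constructed request: an auto-submitted cross-site form (foreign Origin, no token).
def cross_site_post():
    return Request("POST", SQL_PATH, form={"sql": "DELETE FROM customers"},
                   headers={"Origin": "https://attacker.example",
                            "Sec-Fetch-Site": "cross-site"})


# Constructed request: what the app's own page sends.
def same_origin_post(token):
    return Request("POST", SQL_PATH,
                   form={"sql": "DELETE FROM customers", "csrf_token": token},
                   headers={"Origin": APP_ORIGIN, "Sec-Fetch-Site": "same-origin"})


def demo():
    """Row count left in the table after each scenario."""
    db = new_db()
    vulnerable_run_sql(db, cross_site_get())
    after_vulnerable = row_count(db)
    app = HardenedApp(new_db())
    app.run_sql(cross_site_get())
    app.run_sql(cross_site_post())
    after_hardened_attack = row_count(app.db)
    app.run_sql(same_origin_post(app.csrf_token))
    after_legit = row_count(app.db)
    return {"vulnerable": after_vulnerable,
            "hardened_after_attack": after_hardened_attack,
            "hardened_after_legit": after_legit}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the vulnerable handler wiping the table on a forged GET while the hardened one leaves it intact for both forged requests and still serves the app's own POST. Note that binding the app to localhost does nothing against this: the forged request is made by the victim's browser, which can reach localhost. The vulnerable handler's `200 ok` and any query output go back to that browser, which is why the advisory rates confidentiality impact as none.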
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As general CSRF hardening (not specific guidance from the advisory): binding the web app to localhost does not mitigate the issue, because the forged request is issued by the victim's own browser; SQL-executing endpoints should accept only POST requests that carry an anti-CSRF token and come from a verified same-origin Origin or Sec-Fetch-Site header, and the app should not be left running while browsing untrusted sites.

CSRF


Weakness Enumeration

Related Identifiers

CVE-2024-6841

Affected Products

Vanna