CVE-2024-7764

Name of the Vulnerable Software and Affected Versions Vanna-ai version 0.6.2

Description The issue arises from insufficient protection against injecting additional SQL commands from user requests. This occurs when the generate sql function calls extract sql with the LLM response. An attacker can exploit this by including a semi-colon between a search data field and their own command, causing the extract sql function to remove all LLM generated SQL and execute the attacker's command if it passes the is sql valid function. This allows the execution of user-defined SQL beyond the expected boundaries, notably the trained schema.

Recommendations For Vanna-ai version 0.6.2, as a temporary workaround, consider restricting the input to the generate sql function to prevent the injection of malicious SQL commands. Additionally, restrict access to the extract sql function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.