CVE-2024-8099

Name of the Vulnerable Software and Affected Versions vanna-ai/vanna (affected versions not specified)

Description A Server-Side Request Forgery (SSRF) issue exists when using DuckDB as the database, allowing attackers to submit crafted SQL queries to make unauthorized requests to internal or external resources. This can lead to unauthorized access to sensitive data and internal systems. The vulnerability can be exploited by leveraging DuckDB's default features, such as read csv, read csv auto, read text, and read blob.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.