CVE-2024-12366
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Feb 11, 2025
Summary
CVE-2024-12366 is a critical vulnerability affecting the PandasAI application. Rather than only processing natural-language input, the interactive prompt function in PandasAI is susceptible to prompt injection attacks. An attacker who successfully executes such an attack can bypass the intended security measures and run arbitrary Python code, resulting in Remote Code Execution (RCE). This issue poses a significant risk to users and requires immediate mitigation efforts from the developers.