CVE-2024-5565
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published May 31, 2024
Updated: Jul 3, 2024
CWE ID 94
Summary
CVE-2024-5565 is a vulnerability affecting the Vanna library. This issue arises due to an injection flaw in the prompt function, which allows attackers to manipulate the prompt and run arbitrary Python code in place of intended visualization code. By inputting malicious code when the "ask" method is called with "visualize" set to its default value of True, attackers can achieve remote code execution.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share