CVE-2024-12366: PandasAI interactive prompt function Remote Code Execution (RCE)

February 11, 2025

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI (2.4.3 and earlier) fail to distinguish between legitimate and malicious inputs, allowing the attackers to manipulate the system into executing untrusted code, leading to untrusted code execution (RCE), system compromise, or pivoting attacks on connected services.

References

docs.getpanda.ai/v3/privacy-security
docs.pandas-ai.com/advanced-security-agent
github.com/advisories/GHSA-vv2h-2w3q-3fx7
github.com/sinaptik-ai/pandas-ai
nvd.nist.gov/vuln/detail/CVE-2024-12366
www.kb.cert.org/vuls/id/148244

Detect and mitigate CVE-2024-12366 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →