Prompt Injection Vulnerability in Vanna Library by JFrog
CVE-2024-5565

Currently unrated

Key Information:

Vendor

JFrog

Status
Vanna Library
Vendor
CVE Published:
31 May 2024

Badges

đź“° News Worthy

What is CVE-2024-5565?

The Vanna library is vulnerable to a prompt injection issue that allows users to manipulate the input provided to the library's prompt function. When external input is sent to the 'ask' method with visualization capabilities enabled, malicious users can execute arbitrary Python code, leading to remote code execution. This vulnerability exposes applications using the Vanna library to potential exploitation, making it imperative for users to assess their implementations and apply necessary patches or workarounds.

News Articles

favicon imageThe Cyber Express

Vanna AI Vulnerability: Remote Code Execution (CVE-2024-5565)

The Vanna AI vulnerability exposes SQL databases to remote code execution (RCE) via prompt injection.

favicon imageThe Hacker News

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Discover how a critical flaw in Vanna.AI library exposes databases to remote code execution and the growing risks of AI prompt injection attacks.

References

https://research.jfrog.com/vulnerabilities/vanna-prompt-i...

Timeline

  • đź“°

    First article discovered by The Hacker News

  • Vulnerability published

.