VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)
PandasAI, a Python library using LLMs for data interaction, was found vulnerable to prompt injection attacks (CVE-2024-12366). Attackers could inject malicious code via natural language prompts, bypassing security measures. This vulnerability allowed arbitrary code execution within PandasAI's process. The flaw stems from the inherent difficulty of separating code and data in AI agents. Untrusted code execution could lead to system compromise and further attacks on connected services. SinaptikAI, the developer, has addressed this by introducing a new security configuration parameter. Users can now choose between Standard, Advanced, and None security levels. A sandbox environment is also available for enhanced security. The vulnerability was discovered and reported by the NVIDIA AI Red Team. The updated PandasAI mitigates the risk by allowing users to select appropriate security settings based on their environment.