Miggo Logo
Miggo Vulnerability Database
CVE-2024-5826

CVE-2024-5826: vanna vulnerable to remote code execution caused by prompt injection

9.8

CVSS Score
3.0

Basic Information

CVE ID
CVE-2024-5826
GHSA ID
GHSA-rrqq-fv6m-692m
EPSS Score
0.79667%
CWE
CWE-94
Published
6/27/2024
Updated
6/28/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
vannapip<= 0.6.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability report explicitly identifies the vanna.ask function as the entry point for prompt injection attacks. This function processes user input, generates code via an LLM, and executes it using Python's exec function in src/vanna/base/base.py. The lack of a sandbox or restrictions around the exec call allows arbitrary code execution. Since the advisory directly links vanna.ask to the insecure exec usage in the specified file, this function is the clear vulnerability source with high confidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In t** l*t*st v*rsion o* v*nn*-*i/v*nn*, t** `v*nn*.*sk` *un*tion is vuln*r**l* to r*mot* *o** *x**ution *u* to prompt inj**tion. T** root **us* is t** l**k o* * s*n**ox w**n *x**utin* LLM-**n*r*t** *o**, *llowin* *n *tt**k*r to m*nipul*t* t** *o** *

Reasoning

T** vuln*r**ility r*port *xpli*itly i**nti*i*s t** `v*nn*.*sk` *un*tion *s t** *ntry point *or prompt inj**tion *tt**ks. T*is *un*tion pro**ss*s us*r input, **n*r*t*s *o** vi* *n LLM, *n* *x**ut*s it usin* Pyt*on's `*x**` *un*tion in `sr*/v*nn*/**s*/