CVE-2024-12366: RCE in pandasai ≤2.4.2
Platform
python
Component
pandasai
Fixed in
2.4.1
2.4.3
CVE-2024-12366 describes a Remote Code Execution (RCE) vulnerability within pandasai, a Python library designed to enhance pandas with natural language processing capabilities. This flaw arises from insufficient security controls in the interactive prompt function, allowing attackers to inject malicious prompts and execute arbitrary Python code. Versions of pandasai up to and including 2.4.2 are affected; a fix is available in version 2.4.1.
Detect this CVE in your project
Upload your requirements.txt file and we'll tell you instantly if you're affected.
Impact and Attack Scenarios
The impact of CVE-2024-12366 is severe. An attacker can leverage prompt injection to bypass security measures and execute arbitrary Python code within the pandasai environment. This could lead to complete system compromise, allowing the attacker to steal sensitive data, install malware, or pivot to other connected systems. The ability to execute arbitrary code effectively grants the attacker full control over the affected system. This vulnerability shares similarities with other prompt injection attacks targeting large language model integrations, highlighting the importance of robust input validation and security controls.
Exploitation Context
CVE-2024-12366 was publicly disclosed on 2025-02-11. The CVSS score of 9.8 (CRITICAL) indicates a high probability of exploitation. Public proof-of-concept (PoC) code is likely to emerge given the ease of prompt injection exploitation. It is not currently listed on CISA KEV, but its critical severity warrants close monitoring. Active campaigns targeting pandasai are not yet confirmed, but the vulnerability's ease of exploitation makes it a potential target.
Threat Intelligence
Exploit Status
EPSS
5.90% (91% percentile)
CVSS Vector
What do these metrics mean?
- Attack Vector
- Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
- Attack Complexity
- Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
- Privileges Required
- None — unauthenticated. No login or credentials needed to exploit.
- User Interaction
- None — attack is automatic and silent. Victim does nothing: no click, no file open.
- Scope
- Unchanged — impact is limited to the vulnerable component itself.
- Confidentiality
- High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
- Integrity
- High — attacker can write, modify, or delete any data: databases, config files, or code.
- Availability
- High — complete crash or resource exhaustion. Full denial of service.
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2024-12366 is to upgrade pandasai to version 2.4.1 or later. This version includes fixes to properly validate and sanitize user inputs, preventing malicious code execution. If upgrading is not immediately feasible, consider implementing strict input validation and sanitization on all prompts passed to pandasai. While not a complete solution, this can reduce the attack surface. Review and restrict the permissions granted to the pandasai process to limit the potential damage from a successful exploit. After upgrading, verify the fix by attempting to inject a simple, known malicious prompt and confirming that it is properly rejected.
How to fix
Update the PandasAI library to a version later than 2.4.0 that fixes the code injection vulnerability. Refer to the release notes and security updates provided by Sinaptik AI for specific instructions on updating and additional mitigations.
CVE Security Newsletter
Vulnerability analysis and critical alerts directly to your inbox.
Frequently asked questions
What is CVE-2024-12366 — RCE in pandasai ≤2.4.2?
CVE-2024-12366 is a critical Remote Code Execution vulnerability in pandasai versions up to 2.4.2. Attackers can inject malicious prompts to execute arbitrary Python code, potentially compromising the entire system.
Am I affected by CVE-2024-12366 in pandasai ≤2.4.2?
If you are using pandasai version 2.4.2 or earlier, you are vulnerable to this RCE vulnerability. Carefully assess your environment and upgrade as soon as possible.
How do I fix CVE-2024-12366 in pandasai ≤2.4.2?
Upgrade pandasai to version 2.4.1 or later. This version includes the necessary security fixes to prevent prompt injection attacks. Implement input validation as a temporary workaround if immediate upgrade is not possible.
Is CVE-2024-12366 being actively exploited?
While no active campaigns have been confirmed, the vulnerability's critical severity and ease of exploitation suggest it is a potential target. Continuous monitoring is recommended.
Where can I find the official pandasai advisory for CVE-2024-12366?
Refer to the pandasai project's official security advisories and release notes for detailed information and updates regarding CVE-2024-12366. Check the pandasai GitHub repository and documentation.
Is your project affected?
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.