vanna@0.7.5 vulnerabilities

vanna is a Generate SQL queries from natural language

Affected versions of this package are vulnerable to SQL Injection through the pg_read_file function. An attacker can read arbitrary local files on the server by exploiting exposed SQL queries.

Note

By default pg_read_file() is restricted to superusers, but other users can be granted the EXECUTE permission to run this function.

There is no fixed version for vanna.

vanna is a Generate SQL queries from natural language

Affected versions of this package are vulnerable to SQL Injection through the integration of DuckDB with Flask Web APIs. An attacker can manipulate SQL training data to generate queries that write arbitrary files on the victim's system, potentially leading to unauthorized command execution or the creation of backdoors.

There is no fixed version for vanna.

vanna is a Generate SQL queries from natural language

Affected versions of this package are vulnerable to Code Injection via the src/vanna/base/base.py file, where function exec execute the plotly_code which is generated by LLM in function generate_plotly_code. An attacker can achieve RCE on the app backend server via prompt injection and gain the full control of the server.

There is no fixed version for vanna.

vanna is a Generate SQL queries from natural language

Affected versions of this package are vulnerable to Improper Input Validation allowing prompt injection via the ask method with the visualize parameter set to True. An attacker can execute arbitrary code by injecting malicious input into the prompt function. This is only exploitable if the visualize parameter is enabled, which is the default setting.

There is no fixed version for vanna.