CVE-2024-5753 Information
Jul 06, 2024
Description
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection through file-critical functions such as pg_read_file(). This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files such as /etc/passwd, by exploiting the SQL queries exposed via a Python Flask API.
Reference
https://huntr.com/bounties/a3f913d6-c717-4528-b974-26d8d9e839ca