CVE-2024-5753

NONE · EPSS 44.4%
Published Jul 5, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by exploiting the exposed SQL queries via a Python Flask API.

Threat Intelligence

EPSS Exploit Probability
44.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-89 SQL Injection

References 1

  • huntr.com https://huntr.com/bounties/a3f913d6-c717-4528-b974-26d8d9e839ca

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.