CVE-2023-39661
Description
Insufficient filtering in pandas-ai's _is_jailbreak function allows remote code execution via crafted prompts that bypass the blacklist.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2023-39661 describes a vulnerability in pandas-ai, a library that turns natural-language questions into Python code run against a dataframe, caused by insufficient filtering in its _is_jailbreak function [1]. That function is meant to stop execution of malicious code produced by the LLM, but it works as a blacklist: it looks for a fixed set of known-dangerous strings, so any equivalent construct not on the list passes through and is executed [3].
Exploitation
An attacker crafts a prompt that leads the LLM to emit Python using built-in introspection paths the blacklist does not cover. For example, ''.__class__.__mro__[-1] resolves to the base class object, and object.__subclasses__() enumerates every class loaded in the interpreter; from one of those classes a reference to the os module, and hence os.system, can be reached without ever writing the string "os" or an import statement, so arbitrary system commands are executed [3]. No authentication is required: the payload is delivered through the normal query interface, and the generated code is run by the library itself.
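To make the failure mode concrete, the following added example (not pandas-ai's code) contrasts a constructed substring blacklist, modelled on the description of _is_jailbreak, with an AST-based check that rejects dunder attribute access, import statements and dangerous builtins. The BYPASS string is the introspection chain described above, reaching os.system through os._wrap_close's module globals; the example only inspects the strings and never executes them.

```python
import ast

# Constructed, hypothetical blacklist in the spirit of the substring filter
# the CVE description attributes to _is_jailbreak. Not pandas-ai's real list.
BLACKLIST = ("import os", "os.", "subprocess", "open(", "exec(", "eval(", "__import__")


def blacklist_is_jailbreak(code: str) -> bool:
    """Substring blacklist: flags code only if it contains a listed token."""
    return any(token in code for token in BLACKLIST)


# Builtins that give the generated code a way out of plain dataframe work.
FORBIDDEN_NAMES = {
    "exec", "eval", "compile", "__import__", "open", "getattr", "setattr",
    "globals", "locals", "vars", "breakpoint", "input",
}


def ast_is_jailbreak(code: str) -> bool:
    """Structural check: parse the code and reject by node type, not spelling.

    Rejects any import, any attribute whose name starts with '__' (which
    closes the __class__/__mro__/__subclasses__/__globals__ escape route),
    and any reference to a forbidden builtin. Unparseable code is rejected.
    """
    try:
        tree = ast.parse(code)
    except SyntaxError:
        return True
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            return True
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            return True
        if isinstance(node, ast.Name) and node.id in FORBIDDEN_NAMES:
            return True
    return False


# Constructed sample inputs standing in for LLM-generated code.
BENIGN = "result = df.groupby('country')['gdp'].mean()"
DIRECT = "import os; os.system('id')"
# Bypass chain: object -> all subclasses -> os._wrap_close -> os module globals.
BYPASS = (
    "result = [c for c in ''.__class__.__mro__[-1].__subclasses__() "
    "if c.__name__ == '_wrap_close'][0].__init__.__globals__['system']('id')"
)


def compare(code: str) -> dict:
    """Return both verdicts so the gap between them is visible."""
    return {
        "blacklist": blacklist_is_jailbreak(code),
        "ast": ast_is_jailbreak(code),
    }


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("direct", DIRECT), ("bypass", BYPASS)):
        print(label, compare(sample))
```

The blacklist catches the obvious `import os; os.system(...)` but passes the introspection chain untouched, while the structural check rejects it on the first `__class__` access. Even the AST filter is not a security boundary (it cannot reason about what `df` or any other name really is at runtime), so it belongs in front of a real sandbox, not in place of one.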
Impact
Successful exploitation gives remote code execution in the context of the process running pandas-ai: the attacker can run arbitrary commands, read the data loaded into the dataframe and any other files or credentials that process can reach, and pivot further into the host or cloud environment.
Mitigation
The AI narrative cites a fix in releases after 0.9.1, but the advisory data reproduced below lists affected versions <= 0.8.1 and no patched version, so confirm the fixed release against the GitHub advisory [1], the NVD entry [2] and the GitHub issue [3] before relying on a version bump. Independently of the version, treat LLM-generated code as untrusted input: a substring blacklist is not a security boundary, so run the generated code in an isolated sandbox (a separate process or container with no network access and a minimal, read-only filesystem) rather than in the application's own interpreter.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pandasai (PyPI) | <= 0.8.1 | none listed |
Affected products
- pandas-ai/pandas-ai
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] github.com/advisories/GHSA-8fp9-43pw-56vw (GitHub Security Advisory)
[2] nvd.nist.gov/vuln/detail/CVE-2023-39661 (NVD entry)
[3] github.com/gventuri/pandas-ai/issues/410 (GitHub issue)
News mentions
No linked articles in our index yet.