Critical severity9.8GHSA Advisory· Published Feb 11, 2025· Updated Apr 15, 2026
CVE-2024-12366
CVE-2024-12366
Description
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pandasaiPyPI | <= 2.4.2 | — |
Affected products
2- Range: <= 2.4.2
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.