VYPR
High severity · 7.5 · GHSA Advisory · Published Jul 5, 2024 · Updated Apr 15, 2026

CVE-2024-5753

Description

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pg_read_file(). This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL queries via a Python Flask API.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2024-5753 describes an SQL injection in vanna-ai/vanna v0.3.4 allowing unauthenticated remote attackers to read arbitrary files via pg_read_file() through a Flask API.

Vulnerability Details

CVE-2024-5753 affects vanna-ai/vanna version 0.3.4, an open-source tool that converts natural language into SQL queries and runs them against a connected database. The weakness is an SQL injection: user-supplied input reaches SQL executed by the project's Python Flask API without being sanitised or bound as a parameter, so an attacker controls part of the statement text [2]. pg_read_file() is not where the bug lives; it is the PostgreSQL server-side function that the injected SQL can call, which is what turns a query-text injection into a file read on the database host.

Exploitation

An unauthenticated remote attacker can exploit this by sending crafted requests to the Flask API. No prior authentication or special network position is needed; the API accepts SQL-bearing requests from any client that can reach it [2]. By injecting SQL into a parameter that ends up in the executed statement, the attacker can call pg_read_file() and return the contents of arbitrary files from the database server's filesystem in the query result. One caveat a practitioner should check: in PostgreSQL, pg_read_file() succeeds only if the role the application connects with is a superuser or holds the pg_read_server_files role, so the file-read impact depends on how the vanna database connection was provisioned; the injection itself is present regardless.

Impact

Successful exploitation allows the attacker to read sensitive files, including /etc/passwd, database credentials, or configuration files. This can lead to further compromise of the server or lateral movement within the network. The vulnerability does not require any user interaction and has a CVSS v3 score of 7.5 (High) [2].

Mitigation

The vulnerability was reported via a bug bounty program [3]. The vanna project has since moved on to version 2.0, which the project describes as adding user-aware permissions and row-level security [1]. Note, however, that the GHSA advisory lists no patched version for the 0.3.x line (see Affected packages below), so verify the fix against the current advisory rather than assuming any later release closes it. Users should upgrade to the latest version or apply vendor-provided patches once they are listed. If upgrading is not possible, restrict network access to the Flask API, put authentication in front of it, and connect to PostgreSQL with a role that is neither a superuser nor a member of pg_read_server_files; that removes pg_read_file() as a file-read primitive even while the injection remains unfixed.
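The exploitation and mitigation paragraphs above, as an added illustration: this is not vanna's code and is not taken from the advisory. It shows the generic pattern the advisory describes, a query assembled by string interpolation so that a caller can splice a UNION with an arbitrary expression (such as PostgreSQL's pg_read_file()) into a statement that was only meant to filter rows, beside the parameterised form that keeps the input as data. The table names (notes, secrets), the attacker payloads and the sample rows are constructed for the example. sqlite3 stands in for PostgreSQL so the block runs offline; because pg_read_file() is PostgreSQL-only, the live demonstration reads a constructed secrets table with the same SQL mechanics, and the PostgreSQL payload is only checked against a block-list gate on server-side file functions, which is a defence-in-depth layer and not a substitute for parameterisation and a least-privilege database role.

```python
"""Added illustration of the injection pattern behind CVE-2024-5753 (not vanna's code)."""
import re
import sqlite3

# Constructed schema: an application table and one it was never meant to expose.
SCHEMA = """
CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT);
CREATE TABLE secrets (value TEXT);
INSERT INTO notes (body) VALUES ('quarterly revenue'), ('hiring plan');
INSERT INTO secrets (value) VALUES ('db_password=hunter2');
"""


def new_db() -> sqlite3.Connection:
    """Fresh in-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_unsafe(conn: sqlite3.Connection, term: str) -> list:
    """Vulnerable pattern: caller-controlled text is spliced into the SQL itself."""
    sql = f"SELECT body FROM notes WHERE body LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    """Fixed pattern: the text is bound as a parameter and can never become SQL."""
    rows = conn.execute("SELECT body FROM notes WHERE body LIKE ?", (f"%{term}%",))
    return [row[0] for row in rows]


def build_postgres_query_unsafe(term: str) -> str:
    """The same interpolation bug, returning the text a PostgreSQL server would see."""
    return f"SELECT body FROM notes WHERE body LIKE '%{term}%'"


# PostgreSQL server-side filesystem / large-object functions that an application
# which only reads business rows has no reason to call. A block list is only a
# second layer: the real fixes are parameterised queries and a database role
# that is not a superuser and does not hold pg_read_server_files.
_FILE_FUNCS = re.compile(
    r"\b(pg_read_file|pg_read_binary_file|pg_ls_dir|pg_stat_file|lo_import|lo_export)\s*\(",
    re.IGNORECASE,
)


def references_server_files(sql: str) -> bool:
    """True if the statement text calls a PostgreSQL filesystem-access function."""
    return bool(_FILE_FUNCS.search(sql))


# Constructed attacker inputs. The closing quote ends the LIKE literal, UNION adds
# the attacker's own SELECT, and the trailing comment swallows the rest of the query.
PAYLOAD_SQLITE = "' UNION SELECT value FROM secrets--"
PAYLOAD_PG = "' UNION SELECT pg_read_file('/etc/passwd')--"


if __name__ == "__main__":
    conn = new_db()
    print("unsafe:", search_unsafe(conn, PAYLOAD_SQLITE))   # secrets row leaks
    print("safe:  ", search_safe(conn, PAYLOAD_SQLITE))     # no rows match
    pg_sql = build_postgres_query_unsafe(PAYLOAD_PG)
    print("pg text:", pg_sql)
    print("gate blocks:", references_server_files(pg_sql))  # True
```

With the unsafe builder the payload turns `... LIKE '%' UNION SELECT value FROM secrets--%'` into two unioned SELECTs and the secrets row comes back alongside the notes; with the bound parameter the same bytes are merely a LIKE pattern that matches nothing. Against PostgreSQL the second payload places `pg_read_file('/etc/passwd')` in the select list, which is exactly the file-read primitive the advisory describes, and it only works if the connecting role is allowed to call that function.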

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: vanna (PyPI)
Affected versions: <= 0.3.4
Patched versions: none listed

Affected products: 1

Patches: 0 (no patches discovered yet)


References: 3
