High severity · CVSS 8.1 · NVD Advisory · Published Mar 20, 2025 · Updated Apr 15, 2026

CVE-2024-7764

Description

Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generate_sql function calls extract_sql with the LLM response. An attacker can include a semi-colon between a search data field and their own command, causing the extract_sql function to remove all LLM generated SQL and execute the attacker's command if it passes the is_sql_valid function. This allows the execution of user-defined SQL beyond the expected boundaries, notably the trained schema.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vanna-ai v0.6.2 is vulnerable to SQL injection via insufficient sanitization in the generate_sql function, allowing attackers to execute arbitrary SQL commands.

Vulnerability

Overview

CVE-2024-7764 affects Vanna-ai version 0.6.2, a tool that uses large language models (LLMs) to generate SQL queries. The vulnerability stems from insufficient protection against injecting additional SQL commands from user requests. Specifically, the generate_sql function calls extract_sql with the LLM response, and an attacker can include a semi-colon between a search data field and their own command. This causes extract_sql to remove all LLM-generated SQL and execute the attacker's command if it passes the is_sql_valid function [1].

Exploitation

An attacker can exploit this by crafting a malicious input that includes a semi-colon to terminate the intended SQL query and append arbitrary SQL commands. The attack requires no authentication beyond normal access to the application's query interface. The attacker's injected command must pass the is_sql_valid validation, but the vulnerability allows bypassing the intended schema boundaries, enabling execution of SQL beyond the trained model's scope [1].

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands on the underlying database. This can lead to unauthorized data access, modification, or deletion, potentially compromising the confidentiality, integrity, and availability of the database. The CVSS v3 score of 8.1 (High) reflects the significant risk of data breach or loss [1].

Mitigation

As of the CVE publication date (2025-03-20), no official patch has been announced for Vanna-ai v0.6.2. Users should apply input validation and sanitization to prevent SQL injection, or restrict database permissions to limit the impact of any successful attack. Monitoring for unusual SQL queries is also recommended [1].
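One way to apply the input validation recommended above, as an added example and not Vanna's own code: gate every LLM-generated query before it reaches the database by splitting it into statements (ignoring semicolons inside quotes and comments), rejecting anything that is not exactly one SELECT, and refusing tables outside an allow-list standing in for the trained schema. ALLOWED_TABLES and the sample queries are constructed for the example; the table-name regex is a heuristic, not a full SQL parser.

```python
import re

# Constructed allow-list standing in for the tables the model was trained on.
ALLOWED_TABLES = {"customers", "orders"}
TABLE_RE = re.compile(r"\b(?:FROM|JOIN)\s+([A-Za-z_][A-Za-z0-9_]*)", re.IGNORECASE)


def split_statements(sql: str) -> list[str]:
    """Split on ';' while skipping semicolons inside quotes and comments."""
    stmts, buf, i, n = [], [], 0, len(sql)
    while i < n:
        ch = sql[i]
        if ch in ("'", '"'):                       # quoted literal or identifier
            j = i + 1
            while j < n and not (sql[j] == ch and sql[j + 1:j + 2] != ch):
                j += 2 if sql[j] == ch else 1      # '' or "" is an escaped quote
            buf.append(sql[i:j + 1])
            i = j + 1
        elif sql.startswith("--", i):              # line comment: drop to end of line
            j = sql.find("\n", i)
            i = n if j == -1 else j
        elif sql.startswith("/*", i):              # block comment: drop entirely
            j = sql.find("*/", i + 2)
            i = n if j == -1 else j + 2
        elif ch == ";":                            # statement boundary
            stmts.append("".join(buf).strip())
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    stmts.append("".join(buf).strip())
    return [s for s in stmts if s]


def is_safe_select(sql: str, allowed: set[str] = ALLOWED_TABLES) -> tuple[bool, str]:
    """Gate LLM output before execution: one SELECT, allow-listed tables only."""
    stmts = split_statements(sql)
    if len(stmts) != 1:
        return False, f"expected one statement, found {len(stmts)}"
    if not re.match(r"\s*SELECT\b", stmts[0], re.IGNORECASE):
        return False, "only SELECT is permitted"
    outside = {t.lower() for t in TABLE_RE.findall(stmts[0])} - allowed
    if outside:
        return False, f"tables outside the trained schema: {sorted(outside)}"
    return True, "ok"


# Constructed inputs: a benign answer, and the ';'-chained shape the advisory describes.
BENIGN = "SELECT name FROM customers WHERE note = 'a;b'"
CHAINED = BENIGN + "; SELECT * FROM audit_log"
```

Running the gate on CHAINED fails the statement-count check before the appended statement is ever considered, which is the point at which the page says extract_sql would otherwise discard the model's SQL and pass the appended command on.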

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)


References: 1
