VYPR
High severity7.5NVD Advisory· Published Mar 20, 2025· Updated Jun 17, 2026

CVE-2024-8055

CVE-2024-8055

Description

Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the PUT and COPY commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as /etc/passwd, by exploiting the exposed SQL queries through a Python Flask API.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Vanna AI/Vannainferred2 versions
    <=0.6.3+ 1 more
    • (no CPE)range: <=0.6.3
    • (no CPE)range: <=0.6.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.