{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-30T12:56:23.471","vulnerabilities":[{"cve":{"id":"CVE-2024-12366","sourceIdentifier":"cret@cert.org","published":"2025-02-11T13:15:29.193","lastModified":"2026-06-17T06:59:35.060","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM."},{"lang":"es","value":"PandasAI utiliza una función de solicitud interactiva que es vulnerable a la inyección de solicitudes y ejecuta código Python arbitrario que puede llevar a la ejecución remota de código (RCE) en lugar de la explicación prevista del procesamiento del lenguaje natural por parte del LLM."}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"Sinaptik AI","product":"PandasAI","versions":[{"version":"2.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-11T19:27:49.899761Z","id":"CVE-2024-12366","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://docs.getpanda.ai/v3/privacy-security","source":"cret@cert.org"},{"url":"https://docs.pandas-ai.com/advanced-security-agent","source":"cret@cert.org"},{"url":"https://www.kb.cert.org/vuls/id/148244","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}