{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T11:43:40.193","vulnerabilities":[{"cve":{"id":"CVE-2024-8099","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:41.013","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as `read_csv`, `read_csv_auto`, `read_text`, and `read_blob`, to make unauthorized requests to internal or external resources. This can lead to unauthorized access to sensitive data, internal systems, and potentially further attacks."},{"lang":"es","value":"Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en la última versión de vanna-ai/vanna al usar DuckDB como base de datos. Un atacante puede explotar esta vulnerabilidad enviando consultas SQL manipuladas que aprovechan las funciones predeterminadas de DuckDB, como `read_csv`, `read_csv_auto`, `read_text` y `read_blob`, para realizar solicitudes no autorizadas a recursos internos o externos. Esto puede provocar acceso no autorizado a datos confidenciales y sistemas internos, y potencialmente otros ataques."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://huntr.com/bounties/19b96694-ed52-4ee4-8d2c-6cc7bd09c0ad","source":"security@huntr.dev"}]}}]}