vanna-ai vanna legacy exec injection

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

输出中的特殊元素转义处理不恰当(注入)

Vanna 安全漏洞

Vanna是Vanna公司的一个个性化 AI SQL 代理。 vanna 2.0.2及之前版本存在安全漏洞，该漏洞源于文件/src/vanna/legacy中函数exec存在注入，可能导致远程执行任意代码。

N/A

N/A