{"vulnerability": "CVE-2024-12366", "sightings": [{"uuid": "a7fdf1fb-98eb-4d3e-a6f8-4c5e2d5e57bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113985351114543788", "content": "", "creation_timestamp": "2025-02-11T12:53:49.414504Z"}, {"uuid": "3fec8e1b-7cf8-4041-9fa0-d1be0af90170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhvqjn3qkr23", "content": "", "creation_timestamp": "2025-02-11T13:15:43.144485Z"}, {"uuid": "e8689a18-fc63-48f3-8db1-419771af9acc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhvu4qgspo2y", "content": "", "creation_timestamp": "2025-02-11T14:20:11.512221Z"}, {"uuid": "43902ec7-8b91-4ca3-be5b-374bcab5897d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lhxbhshixk24", "content": "", "creation_timestamp": "2025-02-12T03:51:39.515915Z"}, {"uuid": "8e7d9587-373c-4e6f-9e57-5e5352cec1f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3li3i5vka7s26", "content": "", "creation_timestamp": "2025-02-13T20:01:58.784176Z"}, {"uuid": "68d367e3-00c6-4598-8560-2cccb390055a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lpa24buegp2a", "content": "", "creation_timestamp": "2025-05-15T17:30:11.713272Z"}, {"uuid": "9d39356b-744a-4d6b-bd4b-48340848f42d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://t.me/cvedetector/17706", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12366 - PandasAI LLM Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12366 \nPublished : Feb. 11, 2025, 1:15 p.m. | 52\u00a0minutes ago \nDescription : PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T15:41:46.000000Z"}, {"uuid": "92ba9539-ad54-4e89-8496-d15cd80c81ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3932", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12366\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI (2.4.3 and earlier) fail to distinguish between legitimate and malicious inputs, allowing the attackers to manipulate the system into executing untrusted code, leading to untrusted code execution (RCE), system compromise, or pivoting attacks on connected services.\n\ud83d\udccf Published: 2025-02-11T15:32:24Z\n\ud83d\udccf Modified: 2025-02-11T21:41:47Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12366\n2. https://docs.getpanda.ai/v3/privacy-security\n3. https://docs.pandas-ai.com/advanced-security-agent\n4. https://github.com/sinaptik-ai/pandas-ai\n5. https://www.kb.cert.org/vuls/id/148244", "creation_timestamp": "2025-02-11T22:06:55.000000Z"}, {"uuid": "6e9e879c-4fbd-4fa6-bed5-e6ce0809d5f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "Telegram/03ProG_aSsOBxs0Iz_mqpSONf1h0Bjc41e6bDcTiczX4atpv", "content": "", "creation_timestamp": "2025-02-14T10:01:40.000000Z"}, {"uuid": "e8521c8d-159f-40f3-8d8c-cca59513f2df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "Telegram/MDn3J-gZI7WnMy5prxbmMSmCuuwX13pC8UWTypDqOGxF42G_", "content": "", "creation_timestamp": "2025-02-14T10:01:40.000000Z"}, {"uuid": "f5658378-e578-4847-b329-5722c8f5059b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "Telegram/eHEjQCiSTDqdk9YFMewvBbbqxj24kA_-fNM16rcTTHsyl0hG", "content": "", "creation_timestamp": "2025-02-14T10:04:00.000000Z"}]}