Vanna.ai SQL Injection Vulnerability in generate_sql Function

A SQL injection vulnerability has been identified in Vanna.ai version 0.6.2. The issue arises from inadequate validation of user input, allowing attackers to inject additional SQL commands that could be executed against the database. This vulnerability occurs when the 'generate_sql' function processes responses from the language model (LLM) and extracts SQL queries. By inserting a semi-colon between a data field and an injected command, an attacker can manipulate the extracted SQL and execute their own queries, potentially accessing or modifying data beyond the intended scope.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary SQL commands, appended to the end of the LLM-generated SQL, against the application's database. This could lead to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, use the Vanna.ai Flask demo application with a local PostgreSQL database. After configuring the API key, model, and training, send a request to the '/api/v0/generate_sql' endpoint. Include a question that prompts the LLM to generate SQL, but insert a semi-colon to terminate the original SQL command and append a new one, such as 'SELECT * FROM USERS;'. The response will include the injected SQL command, which can be executed if it passes the validation checks.