MLJAR PlotAI
cpe:2.3:a:mljar:plotai:*:*:*:*:*:*:*
- <= 0.0.6
A remote code execution vulnerability has been identified in MLJAR's PlotAI software, affecting all versions through 0.0.6. The issue arises from improper validation of output generated by large language models (LLMs), which allows attackers to execute arbitrary Python code. The vendor has commented out the vulnerable line of code; anyone who reactivates it must accept the associated risks. The vendor does not intend to release a patch for this vulnerability.
Exploitation of this vulnerability allows for arbitrary Python code execution on the server where PlotAI is running.
The vulnerability can be reproduced by uncommenting the 'exec' line in the 'plotai/code/executor.py' file, which is disabled by default due to security concerns. After re-enabling this line, the PlotAI package can be used to generate plots. However, this action exposes the application to the risk of executing malicious code, as the LLM-generated output is not properly sanitized.
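One way to gate LLM-generated code before it reaches an 'exec' call, as an added example that is not PlotAI's code or the vendor's fix: the function name vet_generated_code, the import allowlist and the sample responses are assumptions constructed for illustration. A static check like this is defence in depth only and does not replace running the generated code in an isolated, unprivileged process.

```python
import ast

# Assumption: plotting code only needs these top-level modules.
ALLOWED_IMPORTS = {"matplotlib", "pandas", "numpy", "seaborn"}
# Builtins that let generated code step outside the plotting task.
BLOCKED_NAMES = {"exec", "eval", "compile", "open", "__import__", "getattr",
                 "setattr", "globals", "locals", "vars", "input", "breakpoint"}


def vet_generated_code(source: str) -> list:
    """Return a list of policy violations; an empty list means the gate passed."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"unparseable code: {exc.msg}"]
    problems = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            # Relative imports (module is None) are rejected as well.
            names = [node.module or "<relative>"]
        else:
            names = []
        for name in names:
            if name.split(".")[0] not in ALLOWED_IMPORTS:
                problems.append(f"line {node.lineno}: import of {name!r} not allowed")
        if isinstance(node, ast.Name) and node.id in BLOCKED_NAMES:
            problems.append(f"line {node.lineno}: use of builtin {node.id!r}")
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            problems.append(f"line {node.lineno}: dunder attribute {node.attr!r}")
    return problems


# Constructed samples standing in for LLM responses.
BENIGN = "import matplotlib.pyplot as plt\nplt.plot(df['x'], df['y'])\nplt.show()\n"
HOSTILE = "import os\nos.system('id')\n"
SNEAKY = "().__class__.__base__.__subclasses__()\n"

if __name__ == "__main__":
    for label, code in [("benign", BENIGN), ("hostile", HOSTILE), ("sneaky", SNEAKY)]:
        print(label, vet_generated_code(code) or "passed")
```

Code that passes the gate can still read files through allowed libraries, which is why process isolation remains the primary control.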