vanna-ai vanna Remote Command Execution Vulnerability
Vulnerability
A remote command execution vulnerability has been identified in vanna-ai vanna versions through 2.0.2. The issue arises in the 'exec' function within the 'legacy' component, specifically in the file '/src/vanna/legacy'. This vulnerability allows for injection attacks, where an attacker can manipulate user input to execute arbitrary Python code on the host machine.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the host system, potentially leading to unauthorized access or control over the server.
Reproduction
To reproduce this vulnerability, send a crafted prompt to the application that exploits the prompt injection vulnerability. The prompt should be designed to manipulate the output of the language model into executing arbitrary Python code, such as system commands, under the guise of Plotly visualization code. This can be done by using the 'visualize' option, which triggers the 'exec' function to execute the injected code.
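A defensive pre-execution check for the pattern described above, where model-generated Plotly code reaches 'exec'. This is an added example, not code from vanna or from this advisory; the function name `review_generated_code`, the import allowlist and the blocked-name list are assumptions chosen for illustration, and the sample inputs are constructed.

```python
import ast

# Assumed policy for this example: generated chart code may import only these.
ALLOWED_IMPORTS = {"plotly", "pandas", "numpy", "math"}
# Builtins that reach code execution, the filesystem or the import system.
BLOCKED_NAMES = {"exec", "eval", "compile", "open", "__import__", "getattr",
                 "setattr", "globals", "locals", "vars", "input", "breakpoint"}

def review_generated_code(source):
    """Return a list of policy violations; an empty list means nothing was flagged."""
    try:
        tree = ast.parse(source)
    except SyntaxError as err:
        return [f"line {err.lineno}: not valid Python"]
    findings = []
    for node in ast.walk(tree):
        line = getattr(node, "lineno", 0)
        if isinstance(node, ast.Import):
            modules = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            # Relative imports (level > 0) have no place in a generated snippet.
            modules = [node.module or ""] if node.level == 0 else [""]
        else:
            modules = []
        for mod in modules:
            if mod.split(".")[0] not in ALLOWED_IMPORTS:
                findings.append(f"line {line}: import of '{mod}' not allowed")
        if isinstance(node, ast.Name) and node.id in BLOCKED_NAMES:
            findings.append(f"line {line}: use of '{node.id}' not allowed")
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            findings.append(f"line {line}: dunder attribute '{node.attr}' not allowed")
    return findings

# Constructed samples of model output (not taken from the advisory).
BENIGN = "import plotly.express as px\nfig = px.bar(df, x='region', y='total')\n"
INJECTED = ("import plotly.express as px\nimport os\nos.system('id')\n"
            "fig = px.bar(df, x='a', y='b')\n")

if __name__ == "__main__":
    for label, code in (("benign", BENIGN), ("injected", INJECTED)):
        print(label, review_generated_code(code) or "no findings")
```

A static allowlist like this is a pre-filter, not a sandbox: code that passes should still run only in an isolated, least-privilege process, and anything flagged should be rejected and logged rather than executed.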
