Skip to main content

CVE-2024-23752: n/a in n/a

Critical
VulnerabilityCVE-2024-23752cvecve-2024-23752
Published: Mon Jan 22 2024 (01/22/2024, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.

AI-Powered Analysis

AILast updated: 07/08/2025, 17:14:33 UTC

Technical Analysis

CVE-2024-23752 is a critical vulnerability affecting the PandasAI library, specifically within the GenerateSDFPipeline function in the synthetic_dataframe module. This vulnerability allows an attacker to craft a specially designed dataframe containing an English language specification that is interpreted and converted into arbitrary Python code. This code is then executed by the SDFCodeExecutor component without proper restrictions. The root cause lies in insufficient validation and control over the code generation process, enabling remote code execution (RCE) without requiring authentication or user interaction. The vulnerability is severe because it allows an attacker to execute arbitrary code on the host system, potentially leading to full system compromise. The CVSS 3.1 base score of 9.8 reflects the high impact on confidentiality, integrity, and availability, combined with the ease of exploitation over a network without privileges. Notably, this issue follows a previous vulnerability (CVE-2023-39660) where the vendor attempted to restrict code execution, but those mitigations were insufficient to prevent this new attack vector. No patches or fixes have been publicly disclosed at the time of this report, increasing the risk for users of affected versions. The vulnerability is categorized under CWE-862, indicating improper authorization, which in this context manifests as inadequate control over code execution from user-supplied data. Since PandasAI is a Python library used for AI and data analysis workflows, exploitation could lead to compromise of data processing environments, leakage of sensitive information, and disruption of critical data pipelines.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for those relying on PandasAI in data science, AI development, and analytics environments. Exploitation could lead to unauthorized execution of malicious code, resulting in data breaches, intellectual property theft, or sabotage of data processing workflows. Organizations in finance, healthcare, research, and critical infrastructure sectors that use Python-based AI tools are particularly at risk. The ability to execute arbitrary code remotely without authentication means attackers can infiltrate systems, deploy malware, or move laterally within networks. This could disrupt business operations, cause regulatory compliance violations (e.g., GDPR breaches due to data exposure), and damage organizational reputation. Given the lack of patches, organizations may face prolonged exposure, increasing the window for attackers to develop exploits. Additionally, the vulnerability could be leveraged in supply chain attacks if compromised environments are used to build or distribute software or data products.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately audit their use of PandasAI and identify any deployments of the affected synthetic_dataframe module, particularly the GenerateSDFPipeline function. Until official patches are released, organizations should consider disabling or restricting the use of this functionality in their environments. Implement strict input validation and sanitization on any dataframes or inputs that could be processed by PandasAI to prevent malicious English language specifications from being interpreted. Employ runtime application self-protection (RASP) or sandboxing techniques to limit the execution context of Python code generated by PandasAI, minimizing potential damage from exploitation. Monitor network and system logs for unusual activity related to PandasAI processes, including unexpected code execution or data pipeline anomalies. Additionally, update incident response plans to include detection and containment strategies for this vulnerability. Engage with the vendor or open-source community to track patch releases and apply updates promptly once available. Finally, consider isolating AI and data science workloads from critical production systems to reduce attack surface exposure.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2024-01-22T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6839c41d182aa0cae2b4361a

Added to database: 5/30/2025, 2:43:41 PM

Last enriched: 7/8/2025, 5:14:33 PM

Last updated: 7/26/2025, 7:30:54 AM

Views: 15

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats