HIGH 8.1
PYSEC-2026-561
Vanna prompt injection code execution
Details
The Vanna library uses a prompt function to present the user with visualized results. Because that prompt can be altered through prompt injection, an attacker can cause arbitrary Python code to run instead of the intended visualization code. Specifically, allowing external input to reach the library's "ask" method with "visualize" set to True (the default behavior) leads to remote code execution.
Affected package
PyPI / vanna
First affected version: 0
No fixed version published yet for vanna (pip). Pin to a known-safe version or switch to an alternative.