Cyber Resilience

CVE-2024-23752

CriticalPublic PoC

Published: 22 January 2024

Published
22 January 2024
Modified
30 May 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0080 74.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-23752 is a critical-severity Missing Authorization (CWE-862) vulnerability in Gabrieleventuri Pandasai. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006); ranked in the top 25.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Data Processing Libraries; in the LLM/Generative AI Risks risk domain; MITRE ATLAS techniques in scope: Indirect (AML.T0051.001).

EU & UK References

Vulnerability details

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code.…

more

NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.

CWE(s)

AI Security AnalysisAI

AI Category
Data Processing Libraries
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
PandasAI (pandas-ai) is a library that augments pandas data processing with generative AI capabilities, such as natural language to Python code generation for synthetic dataframes, making it a data processing library with AI integration.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

The vulnerability enables attackers to craft a dataframe that triggers the generation and execution of arbitrary Python code via SDFCodeExecutor, directly facilitating T1059.006: Command and Scripting Interpreter: Python.

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0051.001: Indirect

Affected Assets

gabrieleventuri
pandasai
≤ 1.5.17

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-862

Requiring an access control policy ensures authorization checks are defined and applied for critical functions.

addresses: CWE-862

Reviews of access controls detect missing authorization checks on critical functions or resources.

addresses: CWE-862

Documenting permitted unauthenticated actions prevents missing authorization by making all exceptions explicit and subject to organizational review.

addresses: CWE-862

Requiring attribute association with information prevents authorization from being performed without necessary security or privacy context.

addresses: CWE-862

Mandating authorization prior to allowing remote connections addresses missing authorization for remote access.

addresses: CWE-862

Mandating authorization before wireless connections are allowed prevents missing authorization for wireless access.

addresses: CWE-862

The control requires authorization before allowing mobile device connections, directly mitigating missing authorization for system access.

addresses: CWE-862

Requiring approvals for account creation and specifying authorizations ensures authorization is not missing for system access.

References