Vulnerability CVE-2024-5753


Published: 2024-07-05

Description:
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by exploiting the exposed SQL queries via a Python Flask API.

Type:

CWE-200

(Information Exposure)

 References:
https://huntr.com/bounties/a3f913d6-c717-4528-b974-26d8d9e839ca

Copyright 2026, cxsecurity.com

 

Back to Top