SQL Injection via generate_sql Result Execution
A SQL injection vulnerability was discovered in vanna-ai/vanna version 0.6.2, allowing attackers to execute arbitrary SQL commands. The issue was patched in a subsequent release.
Available publicly on Oct 01 2024
Threat Overview
The vulnerability arises from the generate_sql function calling extract_sql with the LLM response, which uses a basic regex process to extract the SQL query. By injecting a semi-colon and additional SQL commands, an attacker can manipulate the extracted SQL to execute arbitrary commands. This can lead to unauthorized data access and potential data manipulation.
Attack Scenario
An attacker could exploit this vulnerability by crafting a question that includes a semi-colon followed by malicious SQL commands. For example, asking 'how many products are in RMA;SELECT * FROM USERS; status?' would result in the execution of 'SELECT * FROM USERS;', potentially exposing sensitive user data.
Who is affected
Users of vanna-ai/vanna version 0.6.2 who rely on the generate_sql function to convert natural language questions into SQL queries are affected. This includes any systems where the generated SQL is executed against a database without proper validation.
Technical Report
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.