CVE-2024-9880 - Apache Pandas Command Injection Vulnerability
CVE-2024-9880 - Apache Pandas Command Injection Vulnerability
CVE ID : CVE-2024-9880 Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago Description : A command injection vulnerability exists in the pandas.DataFrame.query function of pandas-dev/pandas versions up to and including v2.2.2. This vulnerability allows an attacker to execute arbitrary commands on the server by crafting a malicious query.
CVE ID : CVE-2024-9880
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev/pandas versions up to and including v2.2.2. This vulnerability allows an attacker to execute arbitrary commands on the server by crafting a malicious query. The issue arises from the improper validation of user-supplied input in the `query` function when using the ‘python’ engine, leading to potential remote command execution.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…