Vulnerability  ·  2026-04-18

pandas-ai SQL Injection Vulnerability in Query Execution

Vulnerability · High impact · CVE-2026-30273
A SQL injection vulnerability was discovered in pandas-ai version 3.0.0, in the pandasai.agent.base._execute_sql_query component, that allows attackers to execute arbitrary SQL commands.
Malicious input to the pandas-ai query execution component can bypass input sanitization, enabling arbitrary SQL command execution against backend databases.
Affected systems are pandas-ai version 3.0.0 installations with database connectivity.
Upgrade pandas-ai to the latest patched version. Implement input validation and parameterized queries. Restrict database user privileges for pandas-ai connections.
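An added example, not pandas-ai's own code, showing the hardened pattern the mitigation describes: allowlisted identifiers, bound parameters, a single-SELECT guard for agent-generated statements, and a query-only connection, run against a constructed in-memory SQLite table (table, column and function names are assumptions).

```python
import re
import sqlite3

# Constructed sample data standing in for the backend database an
# agent would query (hypothetical, not pandas-ai's schema).
def make_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sales (region TEXT, amount INTEGER)")
    conn.executemany("INSERT INTO sales VALUES (?, ?)",
                     [("east", 100), ("west", 250), ("east", 75)])
    conn.commit()
    return conn

# Hypothetical allowlist of identifiers the agent may reference.
ALLOWED_TABLES = {"sales"}
ALLOWED_COLUMNS = {"region", "amount"}

def unsafe_query(conn, table, column, value):
    # The vulnerable pattern: untrusted text spliced straight into SQL,
    # so the value can change the shape of the statement.
    sql = f"SELECT SUM(amount) FROM {table} WHERE {column} = '{value}'"
    return conn.execute(sql).fetchone()[0]

def safe_query(conn, table, column, value):
    # Identifiers are checked against an allowlist; values are bound as
    # parameters, so user text is only ever compared, never parsed.
    if table not in ALLOWED_TABLES or column not in ALLOWED_COLUMNS:
        raise ValueError("identifier not allowed")
    sql = f'SELECT SUM(amount) FROM "{table}" WHERE "{column}" = ?'
    return conn.execute(sql, (value,)).fetchone()[0]

def single_select_only(sql: str) -> bool:
    # Guard for whole statements produced by an agent: exactly one
    # SELECT, no stacked statements, no comment markers.
    body = sql.strip().rstrip(";")
    if not re.match(r"^\s*select\b", body, re.IGNORECASE):
        return False
    return ";" not in body and "--" not in body and "/*" not in body

def run_read_only(conn, sql):
    # Least privilege: query_only makes any write attempt on this
    # connection fail even if the guard above were bypassed.
    conn.execute("PRAGMA query_only = 1")
    if not single_select_only(sql):
        raise ValueError("rejected statement")
    return conn.execute(sql).fetchall()
```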
Sources
NVD