EUVD-2026-13802
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
5Tags
Description
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used. Upgrading to version 0.0.298 will fix this issue. The name of the patch is 47b20bcda31264635faff7f6b1c8095abe1861c6. It is recommended to upgrade the affected component.
Analysis
A code injection vulnerability exists in bagofwords (versions up to 0.0.297) within the generate_df function of backend/app/ai/code_execution/code_execution.py, allowing remote attackers with low privileges to inject and execute arbitrary code. The vulnerability (CWE-74: Improper Neutralization of Special Elements in Output) has a CVSS score of 6.3 (Medium) with network-based attack vector and low attack complexity, meaning exploitation requires only basic authentication and no user interaction. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running bagofwords1 bagofwords and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today