Premsql
Monthly
Remote code execution in premAI-io premsql up to version 0.2.1 allows authenticated remote attackers to achieve arbitrary code execution through code injection via manipulation of the result argument in the eval function located in premsql/agents/baseline/workers/followup.py. Publicly available exploit code exists for this vulnerability, and the vendor has not responded to early disclosure attempts, leaving affected deployments without an official patch.
Remote code execution in premAI-io premsql up to version 0.2.1 allows authenticated remote attackers to achieve arbitrary code execution through code injection via manipulation of the result argument in the eval function located in premsql/agents/baseline/workers/followup.py. Publicly available exploit code exists for this vulnerability, and the vendor has not responded to early disclosure attempts, leaving affected deployments without an official patch.