Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13dnB4LWc0MjctcTl3Y84AA64y

llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the exec_utils module of the llama_index package, specifically within the safe_eval function, allowing prompt injection that leads to arbitrary code execution. safe_eval is meant to restrict the expressions it evaluates, but the check on the expression is insufficient: an expression that satisfies the check can still reach restricted methods and execute unauthorized code. Because the expression passed to safe_eval is typically produced by the model from user-controlled input, an attacker who can steer the prompt can cause such an expression to be evaluated. The vulnerability is a bypass of the previously addressed CVE-2023-39662 and was demonstrated through a proof of concept that creates a file on the system.
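The following is an added illustration of the general weakness class, not llama_index's own safe_eval and not the advisory's proof of concept. It contrasts a denylist-style AST check placed in front of eval() (the naive_* functions, a hypothetical stand-in) with a strict whitelist evaluator that never calls eval(). The payload string is constructed for this example: it contains no ast.Attribute node whose name starts with "_", so the name-based filter passes it, yet str.format performs the dunder attribute lookups at run time and reaches the object base class of whatever value is bound to x.

```python
import ast
import operator
from typing import Any, Callable, Dict

# --- Weak pattern (hypothetical, not the project's code) -------------------
# An AST filter that only inspects attribute *names*, then hands the source
# to eval(). Removing builtins does not make this a sandbox: values already
# present in env still carry their full method tables.

def naive_contains_protected_access(src: str) -> bool:
    """Return True if any attribute access in src starts with '_'."""
    tree = ast.parse(src, mode="eval")
    return any(
        isinstance(n, ast.Attribute) and n.attr.startswith("_")
        for n in ast.walk(tree)
    )


def naive_safe_eval(src: str, env: Dict[str, Any]) -> Any:
    if naive_contains_protected_access(src):
        raise ValueError("protected attribute access")
    return eval(src, {"__builtins__": {}}, dict(env))  # still unsafe


# Constructed payload: the only attribute node is `.format`, which passes the
# filter, but the format field walks __class__ and __mro__ on x at run time.
FORMAT_PAYLOAD = '"{0.__class__.__mro__[1]}".format(x)'

# --- Hardened pattern: whitelist evaluator, no eval() ----------------------
_BIN_OPS: Dict[type, Callable[[Any, Any], Any]] = {
    ast.Add: operator.add, ast.Sub: operator.sub,
    ast.Mult: operator.mul, ast.Div: operator.truediv,
    ast.Mod: operator.mod, ast.FloorDiv: operator.floordiv,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
# Only these callables are reachable; nothing is looked up by attribute.
_FUNCS: Dict[str, Callable[..., Any]] = {
    "min": min, "max": max, "abs": abs, "len": len, "round": round,
}


def strict_eval(src: str, env: Dict[str, Any]) -> Any:
    """Evaluate arithmetic over env plus a fixed set of functions.

    Every node type not explicitly handled (Attribute, Subscript,
    comprehensions, lambdas, f-strings, keyword calls, ...) is rejected.
    """
    return _eval_node(ast.parse(src, mode="eval").body, env)


def _eval_node(node: ast.AST, env: Dict[str, Any]) -> Any:
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str)):
        return node.value
    if isinstance(node, ast.Name):
        if node.id not in env:
            raise ValueError(f"unknown name {node.id!r}")
        return env[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left, env),
                                       _eval_node(node.right, env))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand, env))
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in _FUNCS and not node.keywords):
        return _FUNCS[node.func.id](*(_eval_node(a, env) for a in node.args))
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def rejects(src: str, env: Dict[str, Any]) -> bool:
    """True if strict_eval refuses src (used to check the hardened path)."""
    try:
        strict_eval(src, env)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    env = {"x": "hi", "a": 3, "b": 5}
    print(naive_contains_protected_access(FORMAT_PAYLOAD))  # False: filter passes it
    print(naive_safe_eval(FORMAT_PAYLOAD, env))              # reaches <class 'object'>
    print(rejects(FORMAT_PAYLOAD, env))                      # True: whitelist refuses it
    print(strict_eval("max(a, b) * 2 - -1", env))            # 11
```

The practical takeaway for the advisory above is the same as for the hardened half of the example: an allow-by-syntax evaluator, or no expression evaluation at all, is the only durable fix; a filter that tries to enumerate dangerous names will keep being bypassed. For llama-index-core itself, the remediation on this page is to move to 0.10.24 or later.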

Permalink: https://github.com/advisories/GHSA-wvpx-g427-q9wc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13dnB4LWc0MjctcTl3Y84AA64y
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 23 days ago
Updated: 23 days ago


CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-wvpx-g427-q9wc, CVE-2024-3098
References: Repository: https://github.com/run-llama/llama_index
Blast Radius: 1.0

Affected Packages

pypi:llama-index-core
Dependent packages: 0
Dependent repositories: 0
Downloads: 638,193 last month
Affected Version Ranges: < 0.10.24
Fixed in: 0.10.24
All affected versions: 0.9.41, 0.9.42, 0.9.43, 0.9.44, 0.9.45, 0.9.46, 0.9.47, 0.9.48, 0.9.49, 0.9.50, 0.9.51, 0.9.52, 0.9.53, 0.9.54, 0.9.55, 0.9.56, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.10.13, 0.10.14, 0.10.15, 0.10.16, 0.10.17, 0.10.18, 0.10.19, 0.10.20, 0.10.21, 0.10.22, 0.10.23
All unaffected versions: 0.10.24, 0.10.25, 0.10.26, 0.10.27, 0.10.28, 0.10.29, 0.10.30, 0.10.31, 0.10.32, 0.10.33