Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca

llama-index-core Command Injection vulnerability

A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by an LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application.

Permalink: https://github.com/advisories/GHSA-r6gp-rff2-p3hf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 month ago
Updated: about 1 month ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-r6gp-rff2-p3hf, CVE-2024-3271
References: Repository: https://github.com/run-llama/llama_index
Blast Radius: 1.0

Affected Packages

pypi:llama-index-core
Dependent packages: 518
Dependent repositories: 0
Downloads: 730,259 last month
Affected Version Ranges: < 0.10.24
Fixed in: 0.10.24
All affected versions: 0.9.41, 0.9.42, 0.9.43, 0.9.44, 0.9.45, 0.9.46, 0.9.47, 0.9.48, 0.9.49, 0.9.50, 0.9.51, 0.9.52, 0.9.53, 0.9.54, 0.9.55, 0.9.56, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.10.13, 0.10.14, 0.10.15, 0.10.16, 0.10.17, 0.10.18, 0.10.19, 0.10.20, 0.10.21, 0.10.22, 0.10.23
All unaffected versions: 0.10.24, 0.10.25, 0.10.26, 0.10.27, 0.10.28, 0.10.29, 0.10.30, 0.10.31, 0.10.32, 0.10.33, 0.10.34, 0.10.35, 0.10.36, 0.10.37, 0.10.38, 0.10.39