Lucene search
GitHub Advisory DatabaseGHSA-2XXC-73FV-36F7HistoryAug 15, 2023 - 6:31 p.m.
llama-index vulnerable to arbitrary code execution
2023-08-1518:31:32
CWE-74
CWE-94
GitHub Advisory Database
github.com
35
llama_index
software
code execution
pandasqueryengine
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
68.1%
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function.
Affected configurations
Node
llamaindexRange<0.9.14
| CPE | Name | Operator | Version |
|---|---|---|---|
| llama-index | lt | 0.9.14 |
Related
osv
osv
llama-index vulnerable to arbitrary code execution
2023-08-15 18:31:32
PYSEC-2023-148
2023-08-15 17:15:00
CVE-2023-39662
2023-08-15 17:15:00
veracode
veracode
Arbitrary Code Execution
2023-08-17 04:10:02
nvd
nvd
CVE-2023-39662
2023-08-15 17:15:13
CVE-2024-3098
2024-04-10 17:15:56
prion
prion
Code injection
2023-08-15 17:15:00
cve
cve
CVE-2023-39662
2023-08-15 17:15:13
CVE-2024-3098
2024-04-10 17:15:56
cvelist
cvelist
CVE-2023-39662
2023-08-15 00:00:00
github
github
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
68.1%
Related for GHSA-2XXC-73FV-36F7