5 matches found
SQL injection
LlamaIndex aka llamaindex through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Dro...
LlamaIndex Security Breach
LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A security vulnerability exists in LlamaIndex version 0.9.34 and earlier, which stems from vulnerability to SQL injection attacks...
CVE-2024-23751
CVE-2024-23751 concerns LlamaIndex (llama_index) up to version 0.9.34, where the Text-to-SQL feature is vulnerable to SQL injection via multiple engines (NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine). The described impact is...
openSUSE Security Update : samba / talloc / tevent (openSUSE-2018-300)
"Samba was updated to version 4.6.13 to fix several bugs. bsc1084191 Security issue fixed : - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally bsc1081741. The library talloc was updated to version 2.1.10 : - build, documentation and python3 improvements The library tevent was updat...
CVE-2005-3966
CVE-2005-3966 concerns Cross-site Scripting (XSS) in Java Search Engine (JSE) 0.9.34. The vulnerability is triggered via the q parameter in search.jsp, allowing remote attackers to inject arbitrary web script or HTML. The NVD/CVE details show a MEDIUM severity (CVSS v2 base score 4.3) with networ...