4 matches found
GHSA-G99H-56MW-8263 LLama-Index CLI OS command injection vulnerability
LLama-Index CLI prior to v0.4.1, corresponding to LLama-Index prior to v0.12.21, contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the --files argument, which is directly passed into os.system. An attacker who controls the content of this...
Command Injection
Overview: llama-index-cli is a llama-index CLI. Affected versions of this package are vulnerable to Command Injection through the CLI interface due to pasting the --files argument directly into os.system. An attacker who controls the content of this argument can execute arbitrary commands on the...
PT-2024-27184 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.112-UTF8. Description: A vulnerability has been found in DedeCMS, affecting an unknown functionality of the file update guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can...
PT-2023-28056 · Unknown · Chengdu Flash Flood Disaster Monitoring/Warning System
Name of the Vulnerable Software and Affected Versions: Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0. Description: A problematic issue was found in the Chengdu Flash Flood Disaster Monitoring and Warning System. This issue affects the file ServiceFileDownload.ashx and is...