3 matches found
PYSEC-2026-1568 LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class
A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llamaindex repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...
Directory Traversal
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Directory Traversal via the ObsidianReader process. An attacker can access arbitrary files outside the intended directory by creating symbolic links that point to sensitive files,...
Directory Traversal
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Directory Traversal via the loaddata method in the ObsidianReader class. An attacker can access sensitive system files by exploiting hardlinks to bypass path restrictions. Details A...