CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

OSV•added 2023/08/15 6:31 p.m.•0 views

GHSA-2XXC-73FV-36F7 llama-index vulnerable to arbitrary code execution

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

9.8CVSS6.2AI score0.03889EPSS

Exploits1References6

ATTACKERKB•added 2023/08/15 5:15 p.m.•2 views

CVE-2023-39662

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

9.8CVSS6.2AI score0.03889EPSS

Exploits1References2

PyPA•added 2023/08/15 5:15 p.m.•5 views

PYSEC-2023-148

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

9.8CVSS8.1AI score0.03889EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2023/08/15 12:0 a.m.•4 views

PT-2023-27061

Name of the Vulnerable Software and Affected Versions llama index versions 0.7.13 and earlier Description An issue in llama index allows a remote attacker to execute arbitrary code via the exec parameter in the PandasQueryEngine function. This enables the attacker to perform unauthorized actions ...

9.8CVSS6AI score0.03889EPSS

Exploits1References13

CNNVD•added 2023/08/15 12:0 a.m.•2 views

LlamaIndex Injection Vulnerability

LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A security vulnerability exists in LlamaIndex version v.0.7.13, which can be exploited to execute arbitrary code via the exec parameter in the PandasQueryEngine function...

9.8CVSS7.7AI score0.03889EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by