3 matches found
CVE-2024-3098
A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...
CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index
A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...
CVE-2024-3098
Summary: CVE-2024-3098 affects the llama_index package, specifically the exec_utils.safe_eval function. The issue enables prompt injection that can lead to arbitrary code execution due to insufficient input validation, effectively bypassing prior constraints (CVE-2023-39662). A validated PoC demo...