Lucene search
K

4 matches found

NVD
NVD
added 2024/04/16 12:15 a.m.16 views

CVE-2024-3271

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

9.8CVSS10AI score0.02862EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.30 views

CVE-2024-3271 Command Injection in run-llama/llama_index

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

9.8CVSS10AI score0.02862EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.17 views

CVE-2024-3271 Command Injection in run-llama/llama_index

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

9.8CVSS8.6AI score0.02862EPSS
Exploits1References2
CVE
CVE
added 2024/04/16 12:0 a.m.73 views

CVE-2024-3271

CVE-2024-3271 affects the run-llama/llama_index project, specifically the safe_eval function. The issue allows command execution via crafted input that bypasses the underscore check in code produced by LLMs, enabling remote code execution on the server. Connected sources corroborate a command-inj...

9.8CVSS8.6AI score0.02862EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder