6 matches found
aiqtoolkit-llama-index (>=1.1.0 <=1.2.0rc4), airunner (>=3.0.0 <=3.1.14) +42 more potentially affected by CVE-2025-3108 via llama-index (>=0.10.0 <=0.12.38)
llama-index PYPI version =0.10.0, =1.1.0, =3.0.0, =1.0.5, =1.7.0, =0.2.53, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =0.0.61 - intelligent-engine-core =0.1.0 - jiuwen-opensource =0.0.3 and more Source cves: CVE-2025-3108 Source advisory: SNYK:PYTHON-LLAMAINDEX-10645588...
aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +686 more potentially affected by CVE-2025-3108 via llama-index-core (>=0.10.0 <=0.12.39)
llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.1.0, =0.4.0.dev2 and more Source cves: CVE-2025-3108 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-10645589...
CVE-2025-3108
A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...
CVE-2025-3108
CVE-2025-3108 affects run-llama/llama_index, specifically the JsonPickleSerializer in versions v0.12.27–v0.12.40. The root cause is an insecure fallback to Python’s pickle during deserialization, enabling remote code execution if untrusted data is processed. The impact can be full system compromi...
CVE-2025-3108 Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index
A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...
CVE-2025-3108 Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index
A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...