Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2025/07/06 11:42 p.m.4 views

aiqtoolkit-llama-index (>=1.1.0 <=1.2.0rc4), airunner (>=3.0.0 <=3.1.14) +42 more potentially affected by CVE-2025-3108 via llama-index (>=0.10.0 <=0.12.38)

llama-index PYPI version =0.10.0, =1.1.0, =3.0.0, =1.0.5, =1.7.0, =0.2.53, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =0.0.61 - intelligent-engine-core =0.1.0 - jiuwen-opensource =0.0.3 and more Source cves: CVE-2025-3108 Source advisory: SNYK:PYTHON-LLAMAINDEX-10645588...

7.5CVSS5.9AI score0.00417EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/07/06 11:42 p.m.9 views

aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +686 more potentially affected by CVE-2025-3108 via llama-index-core (>=0.10.0 <=0.12.39)

llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.1.0, =0.4.0.dev2 and more Source cves: CVE-2025-3108 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-10645589...

7.5CVSS5.9AI score0.00417EPSS
Exploits1
NVD
NVD
added 2025/07/06 11:15 p.m.8 views

CVE-2025-3108

A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...

7.5CVSS0.00417EPSS
Exploits1References2
CVE
CVE
added 2025/07/06 10:47 p.m.33 views

CVE-2025-3108

CVE-2025-3108 affects run-llama/llama_index, specifically the JsonPickleSerializer in versions v0.12.27–v0.12.40. The root cause is an insecure fallback to Python’s pickle during deserialization, enabling remote code execution if untrusted data is processed. The impact can be full system compromi...

7.5CVSS6.2AI score0.00417EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/07/06 10:47 p.m.11 views

CVE-2025-3108 Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index

A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...

5CVSS0.00417EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/07/06 10:47 p.m.5 views

CVE-2025-3108 Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index

A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...

5CVSS8.8AI score0.00417EPSS
Exploits1References2
Rows per page
Query Builder