4 matches found
CVE-2025-5472
A denial of service flaw was found in llamaindex. The JSONReader class does not properly handle deeply nested JSON data structures and may throw a RecursionError given certain data input. If left uncaught, this may cause the program to crash. Mitigation Mitigation for this issue is either not...
CVE-2025-5472
The JSONReader in run-llama/llamaindex versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service DoS by submitting deeply nested JSON structures, leading to a RecursionError and crashing...
CVE-2025-5472
The CVE-2025-5472 entry concerns run-llama/llama_index’s JSONReader. Versions prior to 0.12.38 are vulnerable to a stack overflow/DoS via uncontrolled recursive JSON parsing when processing deeply nested structures. Root cause is unsafe recursive traversal with no depth validation, causing Recurs...
CVE-2025-5472 Denial of Service via Uncontrolled Recursive JSON Parsing in JSONReader in run-llama/llama_index
The JSONReader in run-llama/llamaindex versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service DoS by submitting deeply nested JSON structures, leading to a RecursionError and crashing...