2 matches found
SQL Injection
Overview llama-index-packs-finchat is a llama-index packs implementation of a hierarchical agent for finance chat. Affected versions of this package are vulnerable to SQL Injection via the runsqlquery function in the database agent. An attacker can inject raw PostgreSQL statements into a prompt a...
CVE-2024-12909 SQL Injection to RCE in run-llama/llama_index
A vulnerability in the FinanceChatLlamaPack of the run-llama/llamaindex repository, versions up to v0.12.3, allows for SQL injection in the runsqlquery function of the databaseagent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code executi...