4 matches found
llama-index-packs-deeplake-deepmemory-retriever (>=0.1.0 <=0.1.4), llama-index-packs-deeplake-multimodal-retrieval (>=0.1.0 <=0.1.4) potentially affected by CVE-2025-1793 via llama-index-vector-stores-deeplake (>=0.1.0 <=0.1.6)
llama-index-vector-stores-deeplake
PYPI version =0.1.0, =0.1.0, =0.1.0, =0.1.4
Source CVEs: CVE-2025-1793
Source advisory: SNYK:PYTHON-LLAMAINDEXVECTORSTORESDEEPLAKE-10332650...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...
Command Injection
deeplake is vulnerable to Command Injection. The vulnerability is due to a lack of input sanitization within the ingest_kaggle API when ingesting a remote Kaggle dataset, allowing an attacker to execute arbitrary commands on the server...
PT-2024-37677 · Deeplake · Deeplake
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified
Description: The issue is related to command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle API. This allows for potential command injection...