2 matches found
CVE-2024-11958
A SQL injection vulnerability exists in the duckdb_retriever component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. Thi...
CVE-2024-11958
CVE-2024-11958 affects the duckdb_retriever component in run-llama/llama_index, with SQL queries constructed without prepared statements. This enables SQL injection and can lead to remote code execution (RCE) by installing the shellfs extension and executing commands. Public references (GHSA-339R...