GHSA-WVPX-G427-Q9WC llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

LlamaIndex 代码注入漏洞

LlamaIndex is a data framework for an LLM application by the individual developer Jerry Liu. A code injection vulnerability exists in LlamaIndex that stems from insufficient input validation of the safeeval function in executils, which allows injection at the prompt, leading to arbitrary code...