
6 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-1326

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.00146
Exploits: 0 | References: 5

Veracode
added 2024/04/16 12:12 p.m. | 20 views

Code Injection

llama-index-core is vulnerable to Code Injection. The vulnerability is due to insufficient input validation within the safe_eval function in the exec_utils class, which allows an attacker to bypass method restrictions resulting in unauthorized code execution...

CVSS 9.8 | AI score 9.2 | EPSS 0.00146
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2024/04/10 5:15 p.m. | 10 views

CVE-2024-3098

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVSS 9.8 | AI score 9.8 | EPSS 0.00146
Exploits: 0 | References: 2

Cvelist
added 2024/04/10 5:7 p.m. | 20 views

CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVSS 9.8 | AI score 10 | EPSS 0.00146
Exploits: 0 | References: 2

CVE
added 2024/04/10 5:7 p.m. | 80 views

CVE-2024-3098

Summary: CVE-2024-3098 affects the llama_index package, specifically the exec_utils.safe_eval function. The issue enables prompt injection that can lead to arbitrary code execution due to insufficient input validation, effectively bypassing prior constraints (CVE-2023-39662). A validated PoC demo...

CVSS 9.8 | AI score 9.6 | EPSS 0.00146
Exploits: 0 | References: 2

Vulnrichment
added 2024/04/10 5:7 p.m. | 19 views

CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVSS 9.8 | AI score 7.8 | EPSS 0.00146
Exploits: 0 | References: 2