5 matches found
Code Injection
llamaindex is vulnerable to Code Injection. The vulnerability is caused due to a missing validation for the clsname variable used in the exec call in the download/integration.py script. An attacker can execute arbitrary code by injecting malicious input into the clsname variable used in the exec...
CVE-2024-45201
A vulnerability was found in the llamaindex application where the downloadintegration function calls Python's exec function with an external parameter. If an attacker manages to control the related parameter, this vulnerability may lead to remote code execution...
GHSA-FXC2-8M62-M85X LlamaIndex includes an exec call for `import {cls_name}`
An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...
CVE-2024-45201
An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...
CVE-2024-45201
An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...