GHSA-JMGM-GX32-VP4W LlamaIndex vulnerable to Creation of Temporary File in Directory with Insecure Permissions
A vulnerability in the defaultjsonalyzer function of the JSONalyzeQueryEngine in the run-llama/llamaindex repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service DoS attacks. The vulnerability affects the latest version and is fixed...