
7 matches found

Cvelist
added 2025/08/25 3:3 p.m. · 7 views

CVE-2025-5302 Denial of Service (DOS) in JSONReader in run-llama/llama_index

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

CVSS 8.6 · EPSS 0.00055
Exploits: 0 · References: 2
CNNVD
added 2025/08/25 12:0 a.m. · 2 views

LlamaIndex Security Vulnerability

LlamaIndex is a data framework for LLM applications, open-sourced by LlamaIndex. A security vulnerability exists in LlamaIndex version v0.12.37. It stems from uncontrolled recursion when the JSONReader component parses deeply nested JSON files, which could lead to a denial of servic...

CVSS 8.6 · AI score 8.4 · EPSS 0.00055
Exploits: 0 · References: 3
NVD
added 2025/07/07 10:15 a.m. · 6 views

CVE-2025-5472

The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing...

CVSS 6.5 · EPSS 0.00162
Exploits: 1 · References: 2
Cvelist
added 2025/07/07 9:55 a.m. · 7 views

CVE-2025-5472 Denial of Service via Uncontrolled Recursive JSON Parsing in JSONReader in run-llama/llama_index

The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing...

CVSS 6.5 · EPSS 0.00162
Exploits: 1 · References: 2
CNNVD
added 2025/07/07 12:0 a.m. · 3 views

LlamaIndex Security Vulnerability

LlamaIndex is a data framework for LLM applications, open-sourced by LlamaIndex. A security vulnerability exists in LlamaIndex version 0.12.28. It stems from uncontrolled recursive parsing in JSONReader and could lead to a denial of service attack...

CVSS 6.5 · AI score 6.3 · EPSS 0.00162
Exploits: 1 · References: 3
Positive Technologies
added 2025/07/02 12:0 a.m. · 3 views

PT-2025-27665 · Unknown · Llama Index

Name of the Vulnerable Software and Affected Versions: llama index versions prior to 0.12.28; llama index version 0.12.28

Description: The JSONReader in the affected software is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This allows attackers to trigger a Denial of...

CVSS 6.5 · AI score 6.5 · EPSS 0.00162
Exploits: 1 · References: 10
Huntr
added 2025/04/03 1:6 a.m. · 3 views

Denial of Service via `Uncontrolled Recursive` JSON Parsing in `JSONReader`

Description: The JSONReader in llamaindex is vulnerable to stack overflow when processing deeply nested JSON, leading to a RecursionError. Attackers can exploit this to trigger Denial of Service (DoS) by submitting malicious JSON, crashing applications before input validation. This impacts...

CVSS 6.5 · AI score 7.8 · EPSS 0.00162
Exploits: 1